diff --git a/package-lock.json b/package-lock.json index ba28246f6..b9212d156 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9306,9 +9306,9 @@ } }, "node_modules/tar-fs": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.2.tgz", - "integrity": "sha512-EsaAXwxmx8UB7FRKqeozqEPop69DXcmYwTQwXvyAPF352HJsPdkVhvTaDPYqfNgruveJIJy3TA2l+2zj8LJIJA==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.3.tgz", + "integrity": "sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==", "dev": true, "license": "MIT", "dependencies": { diff --git a/src/cli/admin/admin-add-autoid-static-user-mapping.ts b/src/cli/admin/admin-add-autoid-static-user-mapping.ts index ac3d327d1..ab6160b29 100644 --- a/src/cli/admin/admin-add-autoid-static-user-mapping.ts +++ b/src/cli/admin/admin-add-autoid-static-user-mapping.ts @@ -1,9 +1,13 @@ +import { frodo } from '@rockcarver/frodo-lib'; + import { addAutoIdStaticUserMapping } from '../../ops/AdminOps'; import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; + +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-create-oauth2-client-with-admin-privileges.ts b/src/cli/admin/admin-create-oauth2-client-with-admin-privileges.ts index cbc07b5b9..680122c69 100644 --- a/src/cli/admin/admin-create-oauth2-client-with-admin-privileges.ts +++ b/src/cli/admin/admin-create-oauth2-client-with-admin-privileges.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import Table from 'cli-table3'; import { Option } from 'commander'; import { v4 as uuidv4 } from 'uuid'; @@ -11,7 +11,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printError, printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-execute-rfc7523-authz-grant-flow.ts b/src/cli/admin/admin-execute-rfc7523-authz-grant-flow.ts index 2b0efbc03..08ef0d82a 100644 --- a/src/cli/admin/admin-execute-rfc7523-authz-grant-flow.ts +++ b/src/cli/admin/admin-execute-rfc7523-authz-grant-flow.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { JwkRsa } from '@rockcarver/frodo-lib/types/ops/JoseOps.js'; import { Option } from 'commander'; import fs from 'fs'; @@ -9,9 +10,23 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand.js'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { const program = new FrodoCommand( - 'frodo admin execute-rfc7523-authz-grant-flow' + 'frodo admin execute-rfc7523-authz-grant-flow', + [], + deploymentTypes ); program @@ -65,7 +80,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { printMessage(`Executing RFC7523 authorization grant flow...`); let clientId = uuidv4(); if (options.clientId) { diff --git a/src/cli/admin/admin-federation-export.ts b/src/cli/admin/admin-federation-export.ts index e0fdfec8b..e4c1554d9 100644 --- a/src/cli/admin/admin-federation-export.ts +++ b/src/cli/admin/admin-federation-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,7 +10,8 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-federation-import.ts b/src/cli/admin/admin-federation-import.ts index 2c92677ac..ee701a106 100644 --- a/src/cli/admin/admin-federation-import.ts +++ b/src/cli/admin/admin-federation-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +11,8 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-federation-list.ts b/src/cli/admin/admin-federation-list.ts index 1b7e7f821..09397e301 100644 --- a/src/cli/admin/admin-federation-list.ts +++ b/src/cli/admin/admin-federation-list.ts @@ -1,9 +1,12 @@ +import { frodo } from '@rockcarver/frodo-lib'; + import { getTokens } from '../../ops/AuthenticateOps'; import { listAdminFederationProviders } from '../../ops/cloud/AdminFederationOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-generate-rfc7523-authz-grant-artefacts.ts b/src/cli/admin/admin-generate-rfc7523-authz-grant-artefacts.ts index 349c7fc04..729b85663 100644 --- a/src/cli/admin/admin-generate-rfc7523-authz-grant-artefacts.ts +++ b/src/cli/admin/admin-generate-rfc7523-authz-grant-artefacts.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { JwkRsa } from '@rockcarver/frodo-lib/types/ops/JoseOps.js'; import { Option } from 'commander'; import fs from 'fs'; @@ -10,9 +10,22 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand.js'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( - 'frodo admin generate-rfc7523-authz-grant-artefacts' + 'frodo admin generate-rfc7523-authz-grant-artefacts', + [], + deploymentTypes ); program @@ -80,7 +93,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { printMessage( `Generating RFC7523 authorization grant artefacts in realm "${state.getRealm()}"...` ); diff --git a/src/cli/admin/admin-get-access-token.ts b/src/cli/admin/admin-get-access-token.ts index d62d87b78..299143089 100644 --- a/src/cli/admin/admin-get-access-token.ts +++ b/src/cli/admin/admin-get-access-token.ts @@ -5,9 +5,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; const { clientCredentialsGrant } = frodo.oauth2oidc.endpoint; export default function setup() { - const program = new FrodoCommand('frodo admin get-access-token'); + const program = new FrodoCommand( + 'frodo admin get-access-token', + [], + deploymentTypes + ); program .description('Get an access token using client credentials grant type.') @@ -37,7 +52,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { printMessage( `Getting an access token using client "${options.clientId}"...` ); diff --git a/src/cli/admin/admin-grant-oauth2-client-admin-privileges.ts b/src/cli/admin/admin-grant-oauth2-client-admin-privileges.ts index 31c9bc65a..097586ba5 100644 --- a/src/cli/admin/admin-grant-oauth2-client-admin-privileges.ts +++ b/src/cli/admin/admin-grant-oauth2-client-admin-privileges.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { grantOAuth2ClientAdminPrivileges } from '../../ops/AdminOps'; @@ -6,7 +6,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-hide-generic-extension-attributes.ts b/src/cli/admin/admin-hide-generic-extension-attributes.ts index e98f25b85..49e5a7029 100644 --- a/src/cli/admin/admin-hide-generic-extension-attributes.ts +++ b/src/cli/admin/admin-hide-generic-extension-attributes.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { hideGenericExtensionAttributes } from '../../ops/AdminOps'; @@ -6,7 +6,8 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-list-oauth2-clients-with-admin-privileges.ts b/src/cli/admin/admin-list-oauth2-clients-with-admin-privileges.ts index 9d259cc86..5c6d23e0f 100644 --- a/src/cli/admin/admin-list-oauth2-clients-with-admin-privileges.ts +++ b/src/cli/admin/admin-list-oauth2-clients-with-admin-privileges.ts @@ -1,11 +1,17 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { listOAuth2AdminClients } from '../../ops/AdminOps'; import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-list-oauth2-clients-with-custom-privileges.ts b/src/cli/admin/admin-list-oauth2-clients-with-custom-privileges.ts index a0fdb92bb..cf480ab91 100644 --- a/src/cli/admin/admin-list-oauth2-clients-with-custom-privileges.ts +++ b/src/cli/admin/admin-list-oauth2-clients-with-custom-privileges.ts @@ -1,11 +1,17 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { listOAuth2CustomClients } from '../../ops/AdminOps'; import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-list-static-user-mappings.ts b/src/cli/admin/admin-list-static-user-mappings.ts index a061346f9..147a35fb5 100644 --- a/src/cli/admin/admin-list-static-user-mappings.ts +++ b/src/cli/admin/admin-list-static-user-mappings.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { listNonOAuth2AdminStaticUserMappings } from '../../ops/AdminOps'; @@ -5,7 +6,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-remove-static-user-mapping.ts b/src/cli/admin/admin-remove-static-user-mapping.ts index b67da98a4..4b3b11367 100644 --- a/src/cli/admin/admin-remove-static-user-mapping.ts +++ b/src/cli/admin/admin-remove-static-user-mapping.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { removeStaticUserMapping } from '../../ops/AdminOps'; @@ -5,7 +6,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-repair-org-model.ts b/src/cli/admin/admin-repair-org-model.ts index b336823b1..e0aafa619 100644 --- a/src/cli/admin/admin-repair-org-model.ts +++ b/src/cli/admin/admin-repair-org-model.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { repairOrgModel } from '../../ops/AdminOps'; @@ -6,7 +6,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-revoke-oauth2-client-admin-privileges.ts b/src/cli/admin/admin-revoke-oauth2-client-admin-privileges.ts index d9ee95946..88cd95995 100644 --- a/src/cli/admin/admin-revoke-oauth2-client-admin-privileges.ts +++ b/src/cli/admin/admin-revoke-oauth2-client-admin-privileges.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { revokeOAuth2ClientAdminPrivileges } from '../../ops/AdminOps'; @@ -6,7 +6,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-show-generic-extension-attributes.ts b/src/cli/admin/admin-show-generic-extension-attributes.ts index ccaa03321..054266822 100644 --- a/src/cli/admin/admin-show-generic-extension-attributes.ts +++ b/src/cli/admin/admin-show-generic-extension-attributes.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { showGenericExtensionAttributes } from '../../ops/AdminOps'; @@ -6,7 +6,8 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/admin/admin-train-auto-access-model.ts b/src/cli/admin/admin-train-auto-access-model.ts index 07b538230..28183aa16 100644 --- a/src/cli/admin/admin-train-auto-access-model.ts +++ b/src/cli/admin/admin-train-auto-access-model.ts @@ -7,7 +7,8 @@ import { FrodoCommand } from '../FrodoCommand.js'; const { trainAA } = frodo.admin; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/agent/agent-delete.ts b/src/cli/agent/agent-delete.ts index 546a9ff27..014c79459 100644 --- a/src/cli/agent/agent-delete.ts +++ b/src/cli/agent/agent-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { deleteAgent, deleteAgents } from '../../ops/AgentOps'; @@ -6,8 +6,19 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent delete'); + const program = new FrodoCommand('frodo agent delete', [], deploymentTypes); program .description('Delete agents.') @@ -29,7 +40,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // delete by id if (options.agentId) { verboseMessage( diff --git a/src/cli/agent/agent-describe.ts b/src/cli/agent/agent-describe.ts index b1fdb7920..e21812b67 100644 --- a/src/cli/agent/agent-describe.ts +++ b/src/cli/agent/agent-describe.ts @@ -4,11 +4,20 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; -const globalDeploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent describe'); + const program = new FrodoCommand('frodo agent describe', [], deploymentTypes); program .description('Describe agents.') @@ -29,7 +38,7 @@ export default function setup() { await getTokens( false, true, - options.global ? globalDeploymentTypes : undefined + options.global ? [CLASSIC_DEPLOYMENT_TYPE_KEY] : deploymentTypes ) ) { // code goes here diff --git a/src/cli/agent/agent-export.ts b/src/cli/agent/agent-export.ts index 05a4a152c..3943a25dc 100644 --- a/src/cli/agent/agent-export.ts +++ b/src/cli/agent/agent-export.ts @@ -10,11 +10,20 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; -const globalDeploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent export'); + const program = new FrodoCommand('frodo agent export', [], deploymentTypes); program .description('Export agents.') @@ -59,7 +68,7 @@ export default function setup() { await getTokens( false, true, - options.global ? globalDeploymentTypes : undefined + options.global ? [CLASSIC_DEPLOYMENT_TYPE_KEY] : deploymentTypes ) ) { // export diff --git a/src/cli/agent/agent-gateway-delete.ts b/src/cli/agent/agent-gateway-delete.ts index c5b4d1e61..01c2a1751 100644 --- a/src/cli/agent/agent-gateway-delete.ts +++ b/src/cli/agent/agent-gateway-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { @@ -9,8 +9,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent gateway delete'); + const program = new FrodoCommand( + 'frodo agent gateway delete', + [], + deploymentTypes + ); program .description('Delete identity gateway agents.') @@ -37,7 +53,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // delete by id if (options.agentId) { verboseMessage( diff --git a/src/cli/agent/agent-gateway-describe.ts b/src/cli/agent/agent-gateway-describe.ts index 8dba69bdc..983dd5545 100644 --- a/src/cli/agent/agent-gateway-describe.ts +++ b/src/cli/agent/agent-gateway-describe.ts @@ -1,10 +1,27 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent gateway describe'); + const program = new FrodoCommand( + 'frodo agent gateway describe', + [], + deploymentTypes + ); program .description('Describe gateway agents.') @@ -20,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/agent/agent-gateway-export.ts b/src/cli/agent/agent-gateway-export.ts index 848408039..13ac84672 100644 --- a/src/cli/agent/agent-gateway-export.ts +++ b/src/cli/agent/agent-gateway-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { @@ -9,8 +10,23 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent gateway export'); + const program = new FrodoCommand( + 'frodo agent gateway export', + [], + deploymentTypes + ); program .description('Export gateway agents.') @@ -50,7 +66,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // export if (options.agentId) { verboseMessage('Exporting identity gateway agent...'); diff --git a/src/cli/agent/agent-gateway-import.ts b/src/cli/agent/agent-gateway-import.ts index 98e68907b..815471863 100644 --- a/src/cli/agent/agent-gateway-import.ts +++ b/src/cli/agent/agent-gateway-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { @@ -10,8 +11,23 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent gateway import'); + const program = new FrodoCommand( + 'frodo agent gateway import', + [], + deploymentTypes + ); program .description('Import gateway agents.') @@ -45,7 +61,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // import if (options.agentId) { verboseMessage( diff --git a/src/cli/agent/agent-gateway-list.ts b/src/cli/agent/agent-gateway-list.ts index 82e405aa2..1d5386729 100644 --- a/src/cli/agent/agent-gateway-list.ts +++ b/src/cli/agent/agent-gateway-list.ts @@ -1,11 +1,27 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { listIdentityGatewayAgents } from '../../ops/AgentOps.js'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent gateway list'); + const program = new FrodoCommand( + 'frodo agent gateway list', + [], + deploymentTypes + ); program .description('List gateway agents.') @@ -23,7 +39,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { const outcome = await listIdentityGatewayAgents(options.long); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/agent/agent-import.ts b/src/cli/agent/agent-import.ts index e3985dbf7..9c07ce93f 100644 --- a/src/cli/agent/agent-import.ts +++ b/src/cli/agent/agent-import.ts @@ -11,11 +11,20 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; -const globalDeploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent import'); + const program = new FrodoCommand('frodo agent import', [], deploymentTypes); program .description('Import agents.') @@ -54,7 +63,7 @@ export default function setup() { await getTokens( false, true, - options.global ? globalDeploymentTypes : undefined + options.global ? [CLASSIC_DEPLOYMENT_TYPE_KEY] : deploymentTypes ) ) { // import diff --git a/src/cli/agent/agent-java-delete.ts b/src/cli/agent/agent-java-delete.ts index a6e209adf..db86f3f7f 100644 --- a/src/cli/agent/agent-java-delete.ts +++ b/src/cli/agent/agent-java-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { deleteJavaAgent, deleteJavaAgents } from '../../ops/AgentOps'; @@ -6,8 +6,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent java delete'); + const program = new FrodoCommand( + 'frodo agent java delete', + [], + deploymentTypes + ); program .description('Delete java agents.') @@ -31,7 +47,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // delete by id if (options.agentId) { verboseMessage( diff --git a/src/cli/agent/agent-java-describe.ts b/src/cli/agent/agent-java-describe.ts index 4305f2366..cbcdffec0 100644 --- a/src/cli/agent/agent-java-describe.ts +++ b/src/cli/agent/agent-java-describe.ts @@ -1,10 +1,27 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent java describe'); + const program = new FrodoCommand( + 'frodo agent java describe', + [], + deploymentTypes + ); program .description('Describe java agents.') @@ -20,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/agent/agent-java-export.ts b/src/cli/agent/agent-java-export.ts index b6d452092..81fd5c56e 100644 --- a/src/cli/agent/agent-java-export.ts +++ b/src/cli/agent/agent-java-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { @@ -9,8 +10,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent java export'); + const program = new FrodoCommand( + 'frodo agent java export', + [], + deploymentTypes + ); program .description('Export java agents.') @@ -50,7 +67,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // export if (options.agentId) { verboseMessage('Exporting java agent...'); diff --git a/src/cli/agent/agent-java-import.ts b/src/cli/agent/agent-java-import.ts index 91aa46418..55f0a1f96 100644 --- a/src/cli/agent/agent-java-import.ts +++ b/src/cli/agent/agent-java-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { @@ -10,8 +11,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent java import'); + const program = new FrodoCommand( + 'frodo agent java import', + [], + deploymentTypes + ); program .description('Import java agents.') @@ -45,7 +62,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // import if (options.agentId) { verboseMessage( diff --git a/src/cli/agent/agent-java-list.ts b/src/cli/agent/agent-java-list.ts index 04ec5d7aa..a96d7cd83 100644 --- a/src/cli/agent/agent-java-list.ts +++ b/src/cli/agent/agent-java-list.ts @@ -1,11 +1,28 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { listJavaAgents } from '../../ops/AgentOps.js'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent java list'); + const program = new FrodoCommand( + 'frodo agent java list', + [], + deploymentTypes + ); program .description('List java agents.') @@ -23,7 +40,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { const outcome = await listJavaAgents(options.long); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/agent/agent-list.ts b/src/cli/agent/agent-list.ts index a7e2ab5bd..a29f4dd6a 100644 --- a/src/cli/agent/agent-list.ts +++ b/src/cli/agent/agent-list.ts @@ -5,11 +5,20 @@ import { listAgents } from '../../ops/AgentOps.js'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; -const globalDeploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo agent list'); + const program = new FrodoCommand('frodo agent list', [], deploymentTypes); program .description('List agents.') @@ -32,7 +41,7 @@ export default function setup() { await getTokens( false, true, - options.global ? globalDeploymentTypes : undefined + options.global ? [CLASSIC_DEPLOYMENT_TYPE_KEY] : deploymentTypes ) ) { const outcome = await listAgents(options.long, options.global); diff --git a/src/cli/agent/agent-web-delete.ts b/src/cli/agent/agent-web-delete.ts index fecf3f8a8..8a1b61dfe 100644 --- a/src/cli/agent/agent-web-delete.ts +++ b/src/cli/agent/agent-web-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { deleteWebAgent, deleteWebAgents } from '../../ops/AgentOps'; @@ -6,8 +6,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent web delete'); + const program = new FrodoCommand( + 'frodo agent web delete', + [], + deploymentTypes + ); program .description('Delete web agents.') @@ -31,7 +47,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // delete by id if (options.agentId) { verboseMessage( diff --git a/src/cli/agent/agent-web-describe.ts b/src/cli/agent/agent-web-describe.ts index 0e99eb62a..c65863298 100644 --- a/src/cli/agent/agent-web-describe.ts +++ b/src/cli/agent/agent-web-describe.ts @@ -1,10 +1,27 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent web describe'); + const program = new FrodoCommand( + 'frodo agent web describe', + [], + deploymentTypes + ); program .description('Describe web agents.') @@ -20,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/agent/agent-web-export.ts b/src/cli/agent/agent-web-export.ts index 6c179300d..aff0704ca 100644 --- a/src/cli/agent/agent-web-export.ts +++ b/src/cli/agent/agent-web-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { @@ -9,8 +10,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent web export'); + const program = new FrodoCommand( + 'frodo agent web export', + [], + deploymentTypes + ); program .description('Export web agents.') @@ -50,7 +67,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // export if (options.agentId) { verboseMessage('Exporting web agent...'); diff --git a/src/cli/agent/agent-web-import.ts b/src/cli/agent/agent-web-import.ts index e24885b63..1eb417fa5 100644 --- a/src/cli/agent/agent-web-import.ts +++ b/src/cli/agent/agent-web-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { @@ -10,8 +11,24 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent web import'); + const program = new FrodoCommand( + 'frodo agent web import', + [], + deploymentTypes + ); program .description('Import web agents.') @@ -45,7 +62,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // import if (options.agentId) { verboseMessage( diff --git a/src/cli/agent/agent-web-list.ts b/src/cli/agent/agent-web-list.ts index d23fb2f73..7cd21e870 100644 --- a/src/cli/agent/agent-web-list.ts +++ b/src/cli/agent/agent-web-list.ts @@ -1,11 +1,24 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { listWebAgents } from '../../ops/AgentOps.js'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo agent web list'); + const program = new FrodoCommand('frodo agent web list', [], deploymentTypes); program .description('List web agents.') @@ -23,7 +36,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { const outcome = await listWebAgents(options.long); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/app/app-delete.ts b/src/cli/app/app-delete.ts index 2e359a098..88679f60e 100644 --- a/src/cli/app/app-delete.ts +++ b/src/cli/app/app-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -9,7 +10,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo app delete', [], deploymentTypes); diff --git a/src/cli/app/app-describe.ts b/src/cli/app/app-describe.ts index 06e5d3cfc..2a6f1e75c 100644 --- a/src/cli/app/app-describe.ts +++ b/src/cli/app/app-describe.ts @@ -1,10 +1,17 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo app describe', [], deploymentTypes); diff --git a/src/cli/app/app-export.ts b/src/cli/app/app-export.ts index b20757f52..c00468e91 100644 --- a/src/cli/app/app-export.ts +++ b/src/cli/app/app-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -10,7 +11,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo app export', [], deploymentTypes); diff --git a/src/cli/app/app-import.ts b/src/cli/app/app-import.ts index ace0c5202..d459a4ff6 100644 --- a/src/cli/app/app-import.ts +++ b/src/cli/app/app-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -11,7 +12,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo app import', [], deploymentTypes); diff --git a/src/cli/app/app-list.ts b/src/cli/app/app-list.ts index 16e8f7d08..b8835b4cc 100644 --- a/src/cli/app/app-list.ts +++ b/src/cli/app/app-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -6,7 +7,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo app list', [], deploymentTypes); diff --git a/src/cli/authn/authn-describe.ts b/src/cli/authn/authn-describe.ts index 4f3c6b970..f446b9000 100644 --- a/src/cli/authn/authn-describe.ts +++ b/src/cli/authn/authn-describe.ts @@ -6,11 +6,20 @@ import { describeAuthenticationSettings } from '../../ops/AuthenticationSettings import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; -const globalDeploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo authn describe'); + const program = new FrodoCommand('frodo authn describe', [], deploymentTypes); program .description('Describe authentication settings.') @@ -33,7 +42,7 @@ export default function setup() { await getTokens( false, true, - options.global ? globalDeploymentTypes : undefined + options.global ? [CLASSIC_DEPLOYMENT_TYPE_KEY] : deploymentTypes ) ) { verboseMessage(`Describing authentication settings...`); diff --git a/src/cli/authn/authn-export.ts b/src/cli/authn/authn-export.ts index 3d5da2643..5f74c33ac 100644 --- a/src/cli/authn/authn-export.ts +++ b/src/cli/authn/authn-export.ts @@ -6,11 +6,20 @@ import { exportAuthenticationSettingsToFile } from '../../ops/AuthenticationSett import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; -const globalDeploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo authn export'); + const program = new FrodoCommand('frodo authn export', [], deploymentTypes); program .description('Export authentication settings.') @@ -39,7 +48,7 @@ export default function setup() { await getTokens( false, true, - options.global ? globalDeploymentTypes : undefined + options.global ? [CLASSIC_DEPLOYMENT_TYPE_KEY] : deploymentTypes ) ) { verboseMessage('Exporting authentication settings to file...'); diff --git a/src/cli/authn/authn-import.ts b/src/cli/authn/authn-import.ts index 2461ead3a..55380433b 100644 --- a/src/cli/authn/authn-import.ts +++ b/src/cli/authn/authn-import.ts @@ -6,11 +6,20 @@ import { importAuthenticationSettingsFromFile } from '../../ops/AuthenticationSe import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; -const globalDeploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo authn import'); + const program = new FrodoCommand('frodo authn import', [], deploymentTypes); program .description('Import authentication settings.') @@ -33,7 +42,7 @@ export default function setup() { await getTokens( false, true, - options.global ? globalDeploymentTypes : undefined + options.global ? [CLASSIC_DEPLOYMENT_TYPE_KEY] : deploymentTypes ) ) { verboseMessage('Importing authentication settings from file...'); diff --git a/src/cli/authz/authz-policy-delete.ts b/src/cli/authz/authz-policy-delete.ts index 7e29dd2ce..6c0d18a9d 100644 --- a/src/cli/authz/authz-policy-delete.ts +++ b/src/cli/authz/authz-policy-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,8 +10,24 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz policy delete'); + const program = new FrodoCommand( + 'frodo authz policy delete', + [], + deploymentTypes + ); program .description('Delete authorization policies.') @@ -41,13 +58,20 @@ export default function setup() { command ); // delete by id - if (options.policyId && (await getTokens())) { + if ( + options.policyId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Deleting authorization policy...'); const outcome = await deletePolicyById(options.policyId); if (!outcome) process.exitCode = 1; } // --all -a by policy set - else if (options.setId && options.all && (await getTokens())) { + else if ( + options.setId && + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Deleting all authorization policies in policy set ${options.setId}...` ); @@ -55,7 +79,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Deleting all authorization policies...'); const outcome = await deletePolicies(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-policy-describe.ts b/src/cli/authz/authz-policy-describe.ts index 904b5eb61..8a3824aa2 100644 --- a/src/cli/authz/authz-policy-describe.ts +++ b/src/cli/authz/authz-policy-describe.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { describePolicy } from '../../ops/PolicyOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz policy describe'); + const program = new FrodoCommand( + 'frodo authz policy describe', + [], + deploymentTypes + ); program .description('Describe authorization policies.') @@ -28,7 +45,10 @@ export default function setup() { options, command ); - if (options.policyId && (await getTokens())) { + if ( + options.policyId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Describing authorization policy ${options.policyId}...` ); diff --git a/src/cli/authz/authz-policy-export.ts b/src/cli/authz/authz-policy-export.ts index 948a7f20c..4cc808cd0 100644 --- a/src/cli/authz/authz-policy-export.ts +++ b/src/cli/authz/authz-policy-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,8 +12,24 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz policy export'); + const program = new FrodoCommand( + 'frodo authz policy export', + [], + deploymentTypes + ); program .description('Export authorization policies.') @@ -68,7 +85,10 @@ export default function setup() { command ); // export - if (options.policyId && (await getTokens())) { + if ( + options.policyId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting authorization policy to file...'); const outcome = await exportPolicyToFile( options.policyId, @@ -83,7 +103,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all by policy set - else if (options.setId && options.all && (await getTokens())) { + else if ( + options.setId && + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Exporting all authorization policies in policy set ${options.setId} to file...` ); @@ -100,7 +124,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all authorization policies to file...'); const outcome = await exportPoliciesToFile( options.file, @@ -114,7 +141,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate by policy set - else if (options.setId && options.allSeparate && (await getTokens())) { + else if ( + options.setId && + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Exporting all authorization policies in policy set ${options.setId} to separate files...` ); @@ -130,7 +161,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Exporting all authorization policies to separate files...' ); diff --git a/src/cli/authz/authz-policy-import.ts b/src/cli/authz/authz-policy-import.ts index f1464a33e..797377a25 100644 --- a/src/cli/authz/authz-policy-import.ts +++ b/src/cli/authz/authz-policy-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,24 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz policy import'); + const program = new FrodoCommand( + 'frodo authz policy import', + [], + deploymentTypes + ); program .description('Import authorization policies.') @@ -61,7 +78,10 @@ export default function setup() { command ); // import - if (options.policyId && (await getTokens())) { + if ( + options.policyId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing authorization policy from file...'); const outcome = await importPolicyFromFile( options.policyId, @@ -75,7 +95,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing all authorization policies from file...'); const outcome = await importPoliciesFromFile(options.file, { deps: options.deps, @@ -85,7 +108,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all authorization policies from separate files...' ); @@ -97,7 +123,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first policy set from file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing first authorization policy from file "${options.file}"...` ); diff --git a/src/cli/authz/authz-policy-list.ts b/src/cli/authz/authz-policy-list.ts index 3ab7b6cde..cff3351d0 100644 --- a/src/cli/authz/authz-policy-list.ts +++ b/src/cli/authz/authz-policy-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { listPolicies, listPoliciesByPolicySet } from '../../ops/PolicyOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz policy list'); + const program = new FrodoCommand( + 'frodo authz policy list', + [], + deploymentTypes + ); program .description('List authorization policies.') @@ -26,7 +43,7 @@ export default function setup() { command ); // by policy set - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Listing authorization policies in policy set ${options.setId}...` ); @@ -37,7 +54,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // all policies - else if (await getTokens()) { + else if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing authorization policies...`); const outcome = await listPolicies(options.long); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-set-delete.ts b/src/cli/authz/authz-set-delete.ts index 2aa2112ed..5af9356f5 100644 --- a/src/cli/authz/authz-set-delete.ts +++ b/src/cli/authz/authz-set-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { deletePolicySetById, deletePolicySets } from '../../ops/PolicySetOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz set delete'); + const program = new FrodoCommand( + 'frodo authz set delete', + [], + deploymentTypes + ); program .description('Delete authorization policy sets.') @@ -29,13 +46,16 @@ export default function setup() { command ); // delete by id - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting authorization policy set...'); const outcome = await deletePolicySetById(options.setId); if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Deleting all authorization policy sets...'); const outcome = await deletePolicySets(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-set-describe.ts b/src/cli/authz/authz-set-describe.ts index 611ec0711..50a0f2bd4 100644 --- a/src/cli/authz/authz-set-describe.ts +++ b/src/cli/authz/authz-set-describe.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { describePolicySet } from '../../ops/PolicySetOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz set describe'); + const program = new FrodoCommand( + 'frodo authz set describe', + [], + deploymentTypes + ); program .description('Describe authorization policy sets.') @@ -28,7 +45,7 @@ export default function setup() { options, command ); - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Describing authorization policy set ${options.setId}...` ); diff --git a/src/cli/authz/authz-set-export.ts b/src/cli/authz/authz-set-export.ts index 969a545e0..17489d21c 100644 --- a/src/cli/authz/authz-set-export.ts +++ b/src/cli/authz/authz-set-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,8 +10,24 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz set export'); + const program = new FrodoCommand( + 'frodo authz set export', + [], + deploymentTypes + ); program .description('Export authorization policy sets.') @@ -60,7 +77,7 @@ export default function setup() { command ); // export - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting authorization policy set to file...'); const outcome = await exportPolicySetToFile( options.setId, @@ -75,7 +92,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all authorization policy sets to file...'); const outcome = await exportPolicySetsToFile( options.file, @@ -89,7 +109,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Exporting all authorization policy sets to separate files...' ); diff --git a/src/cli/authz/authz-set-import.ts b/src/cli/authz/authz-set-import.ts index 1c1d7ed0f..f24a29c3b 100644 --- a/src/cli/authz/authz-set-import.ts +++ b/src/cli/authz/authz-set-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,24 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz set import'); + const program = new FrodoCommand( + 'frodo authz set import', + [], + deploymentTypes + ); program .description('Import authorization policy sets.') @@ -55,7 +72,7 @@ export default function setup() { command ); // import - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing authorization policy set from file...'); const outcome = await importPolicySetFromFile( options.setId, @@ -68,7 +85,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all authorization policy sets from file...' ); @@ -79,7 +99,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all authorization policy sets from separate files...' ); @@ -90,7 +113,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first policy set from file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing first authorization policy set from file "${options.file}"...` ); diff --git a/src/cli/authz/authz-set-list.ts b/src/cli/authz/authz-set-list.ts index 891207b46..be24da6d8 100644 --- a/src/cli/authz/authz-set-list.ts +++ b/src/cli/authz/authz-set-list.ts @@ -1,10 +1,24 @@ +import { frodo } from '@rockcarver/frodo-lib'; + import { getTokens } from '../../ops/AuthenticateOps'; import { listPolicySets } from '../../ops/PolicySetOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz set list'); + const program = new FrodoCommand('frodo authz set list', [], deploymentTypes); program.description('List authorization policy sets.').action( // implement command logic inside action handler @@ -17,7 +31,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage('Listing authorization policy sets...'); const outcome = await listPolicySets(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-type-delete.ts b/src/cli/authz/authz-type-delete.ts index bb6bcc506..6143b10d0 100644 --- a/src/cli/authz/authz-type-delete.ts +++ b/src/cli/authz/authz-type-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,8 +10,24 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz type delete'); + const program = new FrodoCommand( + 'frodo authz type delete', + [], + deploymentTypes + ); program .description('Delete authorization resource types.') @@ -44,19 +61,25 @@ export default function setup() { command ); // delete by uuid - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting authorization resource type...'); const outcome = await deleteResourceTypeById(options.typeId); if (!outcome) process.exitCode = 1; } // delete by name - else if (options.typeName && (await getTokens())) { + else if ( + options.typeName && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Deleting authorization resource type...'); const outcome = await deleteResourceTypeUsingName(options.typeName); if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Deleting all authorization resource types...'); const outcome = await deleteResourceTypes(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-type-describe.ts b/src/cli/authz/authz-type-describe.ts index a9414a1f0..7b8c8a79a 100644 --- a/src/cli/authz/authz-type-describe.ts +++ b/src/cli/authz/authz-type-describe.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -8,8 +9,24 @@ import { import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz type describe'); + const program = new FrodoCommand( + 'frodo authz type describe', + [], + deploymentTypes + ); program .description('Describe authorization resource types.') @@ -27,14 +44,17 @@ export default function setup() { options, command ); - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage(`Describing authorization resource type by uuid...`); const outcome = await describeResourceType( options.typeId, options.json ); if (!outcome) process.exitCode = 1; - } else if (options.typeName && (await getTokens())) { + } else if ( + options.typeName && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage(`Describing authorization resource type by name...`); const outcome = await describeResourceTypeByName( options.typeName, diff --git a/src/cli/authz/authz-type-export.ts b/src/cli/authz/authz-type-export.ts index 1d3842e8f..cd35abfe0 100644 --- a/src/cli/authz/authz-type-export.ts +++ b/src/cli/authz/authz-type-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,24 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz type export'); + const program = new FrodoCommand( + 'frodo authz type export', + [], + deploymentTypes + ); program .description('Export authorization resource types.') @@ -58,7 +75,7 @@ export default function setup() { command ); // export by uuid - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting authorization resource type to file...'); const outcome = await exportResourceTypeToFile( options.typeId, @@ -68,7 +85,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // export by name - else if (options.typeName && (await getTokens())) { + else if ( + options.typeName && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting authorization resource type to file...'); const outcome = await exportResourceTypeByNameToFile( options.typeName, @@ -78,7 +98,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Exporting all authorization resource types to file...' ); @@ -89,7 +112,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Exporting all authorization resource types to separate files...' ); diff --git a/src/cli/authz/authz-type-import.ts b/src/cli/authz/authz-type-import.ts index 0d02565c7..16675c636 100644 --- a/src/cli/authz/authz-type-import.ts +++ b/src/cli/authz/authz-type-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,8 +12,24 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz type import'); + const program = new FrodoCommand( + 'frodo authz type import', + [], + deploymentTypes + ); program .description('Import authorization resource types.') @@ -53,7 +70,7 @@ export default function setup() { command ); // import by uuid - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing authorization resource type by uuid from file...' ); @@ -64,7 +81,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import by name - else if (options.typeName && (await getTokens())) { + else if ( + options.typeName && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing authorization resource type by name from file...' ); @@ -75,7 +95,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all authorization resource types from file...' ); @@ -83,7 +106,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all authorization resource types from separate files...' ); @@ -91,7 +117,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing first authorization resource type from file "${options.file}"...` ); diff --git a/src/cli/authz/authz-type-list.ts b/src/cli/authz/authz-type-list.ts index 6d065af36..45498dcda 100644 --- a/src/cli/authz/authz-type-list.ts +++ b/src/cli/authz/authz-type-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { listResourceTypes } from '../../ops/ResourceTypeOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo authz type list'); + const program = new FrodoCommand( + 'frodo authz type list', + [], + deploymentTypes + ); program .description('List authorization resource types.') @@ -24,7 +41,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage('Listing resource types...'); const outcome = await listResourceTypes(options.long); if (!outcome) process.exitCode = 1; diff --git a/src/cli/config/config-delete.ts b/src/cli/config/config-delete.ts index 2664548a9..fe8453c6b 100644 --- a/src/cli/config/config-delete.ts +++ b/src/cli/config/config-delete.ts @@ -1,10 +1,25 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo config delete'); + const program = new FrodoCommand('frodo config delete', [], deploymentTypes); program .description('Delete full cloud configuration.') @@ -37,7 +52,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/config/config-describe.ts b/src/cli/config/config-describe.ts index c018e98db..9dbc0f2e8 100644 --- a/src/cli/config/config-describe.ts +++ b/src/cli/config/config-describe.ts @@ -1,10 +1,29 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo config describe'); + const program = new FrodoCommand( + 'frodo config describe', + [], + deploymentTypes + ); program .description('Describe full cloud configuration.') @@ -20,7 +39,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/config/config-export.ts b/src/cli/config/config-export.ts index 4b9056ecf..f99a88f68 100644 --- a/src/cli/config/config-export.ts +++ b/src/cli/config/config-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -10,8 +10,22 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo config export'); + const program = new FrodoCommand('frodo config export', [], deploymentTypes); program .description( @@ -148,7 +162,7 @@ export default function setup() { command ); // --all -a - if (options.all && (await getTokens())) { + if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting everything to a single file...'); const outcome = await exportEverythingToFile( options.file, @@ -177,7 +191,10 @@ export default function setup() { process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting everything to separate files...'); const outcome = await exportEverythingToFiles( options.extract, diff --git a/src/cli/config/config-import.ts b/src/cli/config/config-import.ts index a466a39ee..ac1c589f4 100644 --- a/src/cli/config/config-import.ts +++ b/src/cli/config/config-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -11,8 +11,22 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo config import'); + const program = new FrodoCommand('frodo config import', [], deploymentTypes); program .description('Import full cloud configuration.') @@ -113,7 +127,10 @@ export default function setup() { process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting everything from a single file...'); const outcome = await importEverythingFromFile(options.file, { reUuidJourneys: options.reUuidJourneys, @@ -135,7 +152,10 @@ export default function setup() { process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing everything from separate files...'); const outcome = await importEverythingFromFiles({ reUuidJourneys: options.reUuidJourneys, @@ -148,7 +168,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // Import entity from file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing config entity from file...'); const outcome = await importEntityfromFile( options.file, diff --git a/src/cli/config/config-list.ts b/src/cli/config/config-list.ts index 789cadb57..00d08ff00 100644 --- a/src/cli/config/config-list.ts +++ b/src/cli/config/config-list.ts @@ -1,10 +1,25 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo config list'); + const program = new FrodoCommand('frodo config list', [], deploymentTypes); program .description('List full cloud configuration.') @@ -22,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/email/email-template-export.ts b/src/cli/email/email-template-export.ts index 06cc375dc..82289b099 100644 --- a/src/cli/email/email-template-export.ts +++ b/src/cli/email/email-template-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +10,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/email/email-template-import.ts b/src/cli/email/email-template-import.ts index 5c5eebcff..4f85249a9 100644 --- a/src/cli/email/email-template-import.ts +++ b/src/cli/email/email-template-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +11,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/email/email-template-list.ts b/src/cli/email/email-template-list.ts index fa60fbba7..091161a7b 100644 --- a/src/cli/email/email-template-list.ts +++ b/src/cli/email/email-template-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,17 @@ import { listEmailTemplates } from '../../ops/EmailTemplateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-apply.ts b/src/cli/esv/esv-apply.ts index 074c41edb..6bc16cc1e 100644 --- a/src/cli/esv/esv-apply.ts +++ b/src/cli/esv/esv-apply.ts @@ -9,7 +9,8 @@ import { FrodoCommand } from '../FrodoCommand'; const { checkForUpdates, applyUpdates } = frodo.cloud.startup; const { resolveUserName } = frodo.idm.managed; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-create.ts b/src/cli/esv/esv-secret-create.ts index 9fd80bc7b..44fd6ee12 100644 --- a/src/cli/esv/esv-secret-create.ts +++ b/src/cli/esv/esv-secret-create.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { createSecret, createSecretFromFile } from '../../ops/cloud/SecretsOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-delete.ts b/src/cli/esv/esv-secret-delete.ts index ff91853c1..7d6375642 100644 --- a/src/cli/esv/esv-secret-delete.ts +++ b/src/cli/esv/esv-secret-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { deleteSecret, deleteSecrets } from '../../ops/cloud/SecretsOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-describe.ts b/src/cli/esv/esv-secret-describe.ts index 70c948ed0..3f56aab66 100644 --- a/src/cli/esv/esv-secret-describe.ts +++ b/src/cli/esv/esv-secret-describe.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { describeSecret } from '../../ops/cloud/SecretsOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-export.ts b/src/cli/esv/esv-secret-export.ts index 2fe8f6143..f1e37f84f 100644 --- a/src/cli/esv/esv-secret-export.ts +++ b/src/cli/esv/esv-secret-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -11,7 +11,8 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-import.ts b/src/cli/esv/esv-secret-import.ts index c5073bf86..b87e521f0 100644 --- a/src/cli/esv/esv-secret-import.ts +++ b/src/cli/esv/esv-secret-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import * as s from '../../help/SampleData'; @@ -10,7 +11,8 @@ import { import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-list.ts b/src/cli/esv/esv-secret-list.ts index dca5dbd5f..394540601 100644 --- a/src/cli/esv/esv-secret-list.ts +++ b/src/cli/esv/esv-secret-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { listSecrets } from '../../ops/cloud/SecretsOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-set.ts b/src/cli/esv/esv-secret-set.ts index 612fb88f9..f1f65a4a5 100644 --- a/src/cli/esv/esv-secret-set.ts +++ b/src/cli/esv/esv-secret-set.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { setSecretDescription } from '../../ops/cloud/SecretsOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-version-activate.ts b/src/cli/esv/esv-secret-version-activate.ts index e11a8e989..a5f288b8f 100644 --- a/src/cli/esv/esv-secret-version-activate.ts +++ b/src/cli/esv/esv-secret-version-activate.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { activateVersionOfSecret } from '../../ops/cloud/SecretsOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-version-create.ts b/src/cli/esv/esv-secret-version-create.ts index 98fe199ba..3fe759e7d 100644 --- a/src/cli/esv/esv-secret-version-create.ts +++ b/src/cli/esv/esv-secret-version-create.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -8,7 +9,8 @@ import { import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-version-deactivate.ts b/src/cli/esv/esv-secret-version-deactivate.ts index 743ddec0a..0d5dc8e71 100644 --- a/src/cli/esv/esv-secret-version-deactivate.ts +++ b/src/cli/esv/esv-secret-version-deactivate.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { deactivateVersionOfSecret } from '../../ops/cloud/SecretsOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-version-delete.ts b/src/cli/esv/esv-secret-version-delete.ts index bcc6ad943..5a39fe878 100644 --- a/src/cli/esv/esv-secret-version-delete.ts +++ b/src/cli/esv/esv-secret-version-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { deleteVersionOfSecret } from '../../ops/cloud/SecretsOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-secret-version-list.ts b/src/cli/esv/esv-secret-version-list.ts index cde3659a2..024184139 100644 --- a/src/cli/esv/esv-secret-version-list.ts +++ b/src/cli/esv/esv-secret-version-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { listSecretVersions } from '../../ops/cloud/SecretsOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-variable-create.ts b/src/cli/esv/esv-variable-create.ts index f3b1fe838..2bc8e3fe7 100644 --- a/src/cli/esv/esv-variable-create.ts +++ b/src/cli/esv/esv-variable-create.ts @@ -1,10 +1,13 @@ +import { frodo } from '@rockcarver/frodo-lib'; + import * as s from '../../help/SampleData'; import { getTokens } from '../../ops/AuthenticateOps'; import { createVariable } from '../../ops/cloud/VariablesOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-variable-delete.ts b/src/cli/esv/esv-variable-delete.ts index c586f7487..74fdc3e53 100644 --- a/src/cli/esv/esv-variable-delete.ts +++ b/src/cli/esv/esv-variable-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -8,7 +9,8 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-variable-describe.ts b/src/cli/esv/esv-variable-describe.ts index b05da3477..c04cc04ed 100644 --- a/src/cli/esv/esv-variable-describe.ts +++ b/src/cli/esv/esv-variable-describe.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { describeVariable } from '../../ops/cloud/VariablesOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-variable-export.ts b/src/cli/esv/esv-variable-export.ts index 4acf1e7c1..3a5a01900 100644 --- a/src/cli/esv/esv-variable-export.ts +++ b/src/cli/esv/esv-variable-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +10,8 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-variable-import.ts b/src/cli/esv/esv-variable-import.ts index e2f27af0f..1b138db9e 100644 --- a/src/cli/esv/esv-variable-import.ts +++ b/src/cli/esv/esv-variable-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,7 +10,8 @@ import { import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-variable-list.ts b/src/cli/esv/esv-variable-list.ts index 78756fad0..90850312c 100644 --- a/src/cli/esv/esv-variable-list.ts +++ b/src/cli/esv/esv-variable-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { listVariables } from '../../ops/cloud/VariablesOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/esv/esv-variable-set.ts b/src/cli/esv/esv-variable-set.ts index 4372a9a6a..54e57f602 100644 --- a/src/cli/esv/esv-variable-set.ts +++ b/src/cli/esv/esv-variable-set.ts @@ -1,3 +1,5 @@ +import { frodo } from '@rockcarver/frodo-lib'; + import { getTokens } from '../../ops/AuthenticateOps'; import { setVariableDescription, @@ -6,7 +8,8 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/idm/idm-count.ts b/src/cli/idm/idm-count.ts index e541c44a9..67becab9b 100644 --- a/src/cli/idm/idm-count.ts +++ b/src/cli/idm/idm-count.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,17 @@ import { countManagedObjects } from '../../ops/IdmOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo idm count', [], deploymentTypes); diff --git a/src/cli/idm/idm-delete.ts b/src/cli/idm/idm-delete.ts index 4f5c779fa..958a2abf6 100644 --- a/src/cli/idm/idm-delete.ts +++ b/src/cli/idm/idm-delete.ts @@ -1,11 +1,24 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { deleteConfigEntityById } from '../../ops/IdmOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo idm delete'); + const program = new FrodoCommand('frodo idm delete', [], deploymentTypes); interface ServiceDeleteOptions { id?: string; @@ -41,7 +54,7 @@ export default function setup() { // const globalConfig = options.global ?? false; - if (options.id && (await getTokens())) { + if (options.id && (await getTokens(false, true, deploymentTypes))) { const outcome = await deleteConfigEntityById(options.id); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/idm/idm-export.ts b/src/cli/idm/idm-export.ts index 1ed3ced81..fabe52834 100644 --- a/src/cli/idm/idm-export.ts +++ b/src/cli/idm/idm-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,7 +11,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo idm export', [], deploymentTypes); diff --git a/src/cli/idm/idm-import.ts b/src/cli/idm/idm-import.ts index a191828aa..1d3c9f94f 100644 --- a/src/cli/idm/idm-import.ts +++ b/src/cli/idm/idm-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,7 +11,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo idm import', [], deploymentTypes); diff --git a/src/cli/idm/idm-list.ts b/src/cli/idm/idm-list.ts index acad9e4bf..b23428526 100644 --- a/src/cli/idm/idm-list.ts +++ b/src/cli/idm/idm-list.ts @@ -1,3 +1,5 @@ +import { frodo } from '@rockcarver/frodo-lib'; + import { getTokens } from '../../ops/AuthenticateOps'; import { listAllConfigEntities, @@ -6,7 +8,17 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo idm list', [], deploymentTypes); diff --git a/src/cli/idm/idm-schema-object-export.ts b/src/cli/idm/idm-schema-object-export.ts index e766b1156..2368b02cf 100644 --- a/src/cli/idm/idm-schema-object-export.ts +++ b/src/cli/idm/idm-schema-object-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +10,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/idm/idm-schema-object-import.ts b/src/cli/idm/idm-schema-object-import.ts index d8f66ea4c..c412af003 100644 --- a/src/cli/idm/idm-schema-object-import.ts +++ b/src/cli/idm/idm-schema-object-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +10,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/idm/idm.ts b/src/cli/idm/idm.ts index ab54df7f8..4132d8e96 100644 --- a/src/cli/idm/idm.ts +++ b/src/cli/idm/idm.ts @@ -20,8 +20,8 @@ export default function setup() { program.addCommand(CountCmd().name('count')); program.addCommand(Schema().name('schema')); - + program.addCommand(DeleteCmd().name(`delete`)); - + return program; } diff --git a/src/cli/idp/idp-delete.ts b/src/cli/idp/idp-delete.ts index 9a6565801..b9063b695 100644 --- a/src/cli/idp/idp-delete.ts +++ b/src/cli/idp/idp-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,20 @@ import { deleteSocialIdentityProviderById } from '../../ops/IdpOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo idp delete'); + const program = new FrodoCommand('frodo idp delete', [], deploymentTypes); program .description('Delete (social) identity providers.') @@ -23,7 +35,7 @@ export default function setup() { options, command ); - if ((await getTokens()) && options.idpId) { + if ((await getTokens(false, true, deploymentTypes)) && options.idpId) { verboseMessage( `Deleting idp ${options.idpId} in realm "${state.getRealm()}"...` ); diff --git a/src/cli/idp/idp-export.ts b/src/cli/idp/idp-export.ts index 50ded2e85..19e3c386a 100644 --- a/src/cli/idp/idp-export.ts +++ b/src/cli/idp/idp-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +10,19 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo idp export'); + const program = new FrodoCommand('frodo idp export', [], deploymentTypes); program .description('Export (social) identity providers.') @@ -57,7 +68,7 @@ export default function setup() { command ); // export by id/name - if (options.idpId && (await getTokens())) { + if (options.idpId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Exporting provider "${ options.idpId @@ -71,7 +82,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all providers to a single file...'); const outcome = await exportSocialIdentityProvidersToFile( options.file, @@ -80,7 +94,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all providers to separate files...'); const outcome = await exportSocialIdentityProvidersToFiles( options.metadata diff --git a/src/cli/idp/idp-import.ts b/src/cli/idp/idp-import.ts index 8fe05cb10..2bb7cd2b7 100644 --- a/src/cli/idp/idp-import.ts +++ b/src/cli/idp/idp-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,8 +11,19 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo idp import'); + const program = new FrodoCommand('frodo idp import', [], deploymentTypes); program .description('Import (social) identity providers.') @@ -55,7 +66,11 @@ export default function setup() { command ); // import by id - if (options.file && options.idpId && (await getTokens())) { + if ( + options.file && + options.idpId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing provider "${ options.idpId @@ -71,7 +86,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if ( + options.all && + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing all providers from a single file (${options.file})...` ); @@ -84,7 +103,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if ( + options.allSeparate && + !options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all providers from separate files in current directory...' ); @@ -94,7 +117,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first provider from file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing first provider from file "${ options.file diff --git a/src/cli/idp/idp-list.ts b/src/cli/idp/idp-list.ts index 85e0e15b1..f27df38f7 100644 --- a/src/cli/idp/idp-list.ts +++ b/src/cli/idp/idp-list.ts @@ -1,12 +1,23 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { getTokens } from '../../ops/AuthenticateOps'; import { listSocialProviders } from '../../ops/IdpOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo idp list'); + const program = new FrodoCommand('frodo idp list', [], deploymentTypes); program .description('List (social) identity providers.') @@ -24,7 +35,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing providers in realm "${state.getRealm()}"...`); const outcome = await listSocialProviders(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/journey/journey-delete.ts b/src/cli/journey/journey-delete.ts index f29e99cc9..adf38aa7a 100644 --- a/src/cli/journey/journey-delete.ts +++ b/src/cli/journey/journey-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,19 @@ import { deleteJourney, deleteJourneys } from '../../ops/JourneyOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('frodo journey delete'); + const program = new FrodoCommand('frodo journey delete', [], deploymentTypes); program .description('Delete journeys/trees.') @@ -47,7 +58,10 @@ export default function setup() { command ); // delete by id - if (options.journeyId && (await getTokens())) { + if ( + options.journeyId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Deleting journey ${ options.journeyId @@ -57,7 +71,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Deleting all journeys...'); const outcome = await deleteJourneys(options); if (!outcome) process.exitCode = 1; diff --git a/src/cli/journey/journey-describe.ts b/src/cli/journey/journey-describe.ts index 83cdc1fd6..2d04def0c 100644 --- a/src/cli/journey/journey-describe.ts +++ b/src/cli/journey/journey-describe.ts @@ -7,12 +7,27 @@ import { describeJourney, describeJourneyMd } from '../../ops/JourneyOps'; import { printError, printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; const { saveTextToFile } = frodo.utils; const { createFileParamTreeExportResolver, readJourneys, exportJourney } = frodo.authn.journey; export default function setup() { - const program = new FrodoCommand('frodo journey describe'); + const program = new FrodoCommand( + 'frodo journey describe', + [], + deploymentTypes + ); program .description( @@ -137,7 +152,7 @@ export default function setup() { printMessage(error.message, 'error'); process.exitCode = 1; } - } else if (await getTokens()) { + } else if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Describing journey(s) in realm "${state.getRealm()}"...` ); diff --git a/src/cli/journey/journey-disable.ts b/src/cli/journey/journey-disable.ts index e8202da4b..29e01a1bb 100644 --- a/src/cli/journey/journey-disable.ts +++ b/src/cli/journey/journey-disable.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { disableJourney } from '../../ops/JourneyOps'; import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo journey disable'); + const program = new FrodoCommand( + 'frodo journey disable', + [], + deploymentTypes + ); program .description('Disable journeys/trees.') @@ -31,7 +48,10 @@ export default function setup() { command ); // disable - if (options.journeyId && (await getTokens())) { + if ( + options.journeyId && + (await getTokens(false, true, deploymentTypes)) + ) { const outcome = await disableJourney(options.journeyId); if (!outcome) process.exitCode = 1; } diff --git a/src/cli/journey/journey-enable.ts b/src/cli/journey/journey-enable.ts index f1aef769a..10d81eb5c 100644 --- a/src/cli/journey/journey-enable.ts +++ b/src/cli/journey/journey-enable.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,20 @@ import { enableJourney } from '../../ops/JourneyOps'; import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo journey enable'); + const program = new FrodoCommand('frodo journey enable', [], deploymentTypes); program .description('Enable journeys/trees.') @@ -31,7 +44,10 @@ export default function setup() { command ); // enable - if (options.journeyId && (await getTokens())) { + if ( + options.journeyId && + (await getTokens(false, true, deploymentTypes)) + ) { const outcome = await enableJourney(options.journeyId); if (!outcome) process.exitCode = 1; } diff --git a/src/cli/journey/journey-export.ts b/src/cli/journey/journey-export.ts index 04ec0095c..258bb6182 100644 --- a/src/cli/journey/journey-export.ts +++ b/src/cli/journey/journey-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,8 +10,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo journey export'); + const program = new FrodoCommand('frodo journey export', [], deploymentTypes); program .description('Export journeys/trees.') @@ -83,7 +96,10 @@ export default function setup() { command ); // export - if (options.journeyId && (await getTokens())) { + if ( + options.journeyId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting journey...'); const outcome = await exportJourneyToFile( options.journeyId, @@ -98,7 +114,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all journeys to a single file...'); const outcome = await exportJourneysToFile( options.file, @@ -112,7 +131,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all journeys to separate files...'); const outcome = await exportJourneysToFiles(options.metadata, { useStringArrays: options.useStringArrays, diff --git a/src/cli/journey/journey-import.ts b/src/cli/journey/journey-import.ts index 015138c0a..42570b110 100644 --- a/src/cli/journey/journey-import.ts +++ b/src/cli/journey/journey-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,20 @@ import { import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo journey import'); + const program = new FrodoCommand('frodo journey import', [], deploymentTypes); program .description('Import journey/tree.') @@ -63,7 +76,10 @@ export default function setup() { command ); // import - if (options.journeyId && (await getTokens())) { + if ( + options.journeyId && + (await getTokens(false, true, deploymentTypes)) + ) { printMessage(`Importing journey ${options.journeyId}...`); const outcome = await importJourneyFromFile( options.journeyId, @@ -76,7 +92,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if ( + options.all && + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { printMessage( `Importing all journeys from a single file (${options.file})...` ); @@ -87,7 +107,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if ( + options.allSeparate && + !options.file && + (await getTokens(false, true, deploymentTypes)) + ) { printMessage( 'Importing all journeys from separate files in current directory...' ); @@ -98,7 +122,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first journey in file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { printMessage('Importing first journey in file...'); const outcome = await importFirstJourneyFromFile(options.file, { reUuid: options.reUuid, diff --git a/src/cli/journey/journey-list.ts b/src/cli/journey/journey-list.ts index 8f9cf6971..e016a6a3b 100644 --- a/src/cli/journey/journey-list.ts +++ b/src/cli/journey/journey-list.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,20 @@ import { listJourneys } from '../../ops/JourneyOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo journey list'); + const program = new FrodoCommand('frodo journey list', [], deploymentTypes); program .description('List journeys/trees.') @@ -28,7 +40,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing journeys in realm "${state.getRealm()}"...`); const outcome = await listJourneys(options.long, options.analyze); if (!outcome) process.exitCode = 1; diff --git a/src/cli/journey/journey-prune.ts b/src/cli/journey/journey-prune.ts index 5def4a994..7d6cb4981 100644 --- a/src/cli/journey/journey-prune.ts +++ b/src/cli/journey/journey-prune.ts @@ -7,8 +7,20 @@ import { FrodoCommand } from '../FrodoCommand'; const { findOrphanedNodes, removeOrphanedNodes } = frodo.authn.node; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo journey prune'); + const program = new FrodoCommand('frodo journey prune', [], deploymentTypes); program .description( @@ -25,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Pruning orphaned configuration artifacts in realm "${state.getRealm()}"...` ); diff --git a/src/cli/log/log-fetch.ts b/src/cli/log/log-fetch.ts index 48d92eb22..e980da2a2 100644 --- a/src/cli/log/log-fetch.ts +++ b/src/cli/log/log-fetch.ts @@ -16,7 +16,8 @@ const SECONDS_IN_1_HOUR = 3600; const LOG_TIME_WINDOW_MAX = SECONDS_IN_30_DAYS; const LOG_TIME_WINDOW_INCREMENT = 1; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/log/log-key-delete.ts b/src/cli/log/log-key-delete.ts index a6d7a0d9f..fbc5409ee 100644 --- a/src/cli/log/log-key-delete.ts +++ b/src/cli/log/log-key-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { deleteLogApiKey, deleteLogApiKeys } from '../../ops/LogOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/log/log-key-describe.ts b/src/cli/log/log-key-describe.ts index e4ac9c76e..b100b918d 100644 --- a/src/cli/log/log-key-describe.ts +++ b/src/cli/log/log-key-describe.ts @@ -1,9 +1,11 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/log/log-key-list.ts b/src/cli/log/log-key-list.ts index d0db3c9ab..705e882ad 100644 --- a/src/cli/log/log-key-list.ts +++ b/src/cli/log/log-key-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,8 @@ import { listLogApiKeys } from '../../ops/LogOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/log/log-list.ts b/src/cli/log/log-list.ts index 6292243c3..f30f5f948 100644 --- a/src/cli/log/log-list.ts +++ b/src/cli/log/log-list.ts @@ -9,7 +9,8 @@ import { FrodoCommand } from '../FrodoCommand'; const { getConnectionProfile, saveConnectionProfile } = frodo.conn; const { getLogSources } = frodo.cloud.log; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/log/log-tail.ts b/src/cli/log/log-tail.ts index 205b801e0..c2c7b92e7 100644 --- a/src/cli/log/log-tail.ts +++ b/src/cli/log/log-tail.ts @@ -11,7 +11,8 @@ import { sourcesOptionM } from './log'; const { resolveLevel } = frodo.cloud.log; const { getConnectionProfile, saveConnectionProfile } = frodo.conn; -const deploymentTypes = ['cloud']; +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/mapping/mapping-delete.ts b/src/cli/mapping/mapping-delete.ts index df53cca76..a585cf9fe 100644 --- a/src/cli/mapping/mapping-delete.ts +++ b/src/cli/mapping/mapping-delete.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,17 @@ import { deleteMapping, deleteMappings } from '../../ops/MappingOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo mapping delete', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-export.ts b/src/cli/mapping/mapping-export.ts index 72f4fca51..05c234e3b 100644 --- a/src/cli/mapping/mapping-export.ts +++ b/src/cli/mapping/mapping-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,7 +10,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo mapping export', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-import.ts b/src/cli/mapping/mapping-import.ts index 752069460..f259169f6 100644 --- a/src/cli/mapping/mapping-import.ts +++ b/src/cli/mapping/mapping-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +11,17 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo mapping import', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-list.ts b/src/cli/mapping/mapping-list.ts index b12b56a12..5fe44e9eb 100644 --- a/src/cli/mapping/mapping-list.ts +++ b/src/cli/mapping/mapping-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,17 @@ import { listMappings } from '../../ops/MappingOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo mapping list', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-rename.ts b/src/cli/mapping/mapping-rename.ts index 95d293fc9..ab3471fc7 100644 --- a/src/cli/mapping/mapping-rename.ts +++ b/src/cli/mapping/mapping-rename.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,7 +6,17 @@ import { renameMapping, renameMappings } from '../../ops/MappingOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo mapping rename', [], deploymentTypes); diff --git a/src/cli/oauth/oauth-client-delete.ts b/src/cli/oauth/oauth-client-delete.ts index 39defb09d..0ab8ec940 100644 --- a/src/cli/oauth/oauth-client-delete.ts +++ b/src/cli/oauth/oauth-client-delete.ts @@ -1,11 +1,28 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { deleteOauth2ClientById } from '../../ops/OAuth2ClientOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo oauth client delete'); + const program = new FrodoCommand( + 'frodo oauth client delete', + [], + deploymentTypes + ); program .description('Delete OAuth2 clients.') @@ -35,7 +52,7 @@ export default function setup() { options, command ); - if (options.appId && (await getTokens())) { + if (options.appId && (await getTokens(false, true, deploymentTypes))) { const outcome = deleteOauth2ClientById(options.appId); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/oauth/oauth-client-describe.ts b/src/cli/oauth/oauth-client-describe.ts index 3c6a769d5..416fece7e 100644 --- a/src/cli/oauth/oauth-client-describe.ts +++ b/src/cli/oauth/oauth-client-describe.ts @@ -1,10 +1,27 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo oauth client describe'); + const program = new FrodoCommand( + 'frodo oauth client describe', + [], + deploymentTypes + ); program .description('Describe OAuth2 client.') @@ -20,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/oauth/oauth-client-export.ts b/src/cli/oauth/oauth-client-export.ts index 2c83fbdbf..23116d414 100644 --- a/src/cli/oauth/oauth-client-export.ts +++ b/src/cli/oauth/oauth-client-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,8 +10,24 @@ import { import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo oauth client export'); + const program = new FrodoCommand( + 'frodo oauth client export', + [], + deploymentTypes + ); program .description('Export OAuth2 clients.') @@ -54,7 +71,7 @@ export default function setup() { command ); // export - if (options.appId && (await getTokens())) { + if (options.appId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting OAuth2 client...'); const outcome = await exportOAuth2ClientToFile( options.appId, @@ -68,7 +85,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all OAuth2 clients to file...'); const outcome = await exportOAuth2ClientsToFile( options.file, @@ -81,7 +101,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all clients to separate files...'); const outcome = await exportOAuth2ClientsToFiles(options.metadata, { useStringArrays: true, diff --git a/src/cli/oauth/oauth-client-import.ts b/src/cli/oauth/oauth-client-import.ts index bf4867b08..0c36af6c7 100644 --- a/src/cli/oauth/oauth-client-import.ts +++ b/src/cli/oauth/oauth-client-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,24 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo oauth client import'); + const program = new FrodoCommand( + 'frodo oauth client import', + [], + deploymentTypes + ); program .description('Import OAuth2 clients.') @@ -49,7 +66,11 @@ export default function setup() { command ); // import by id - if (options.file && options.appId && (await getTokens())) { + if ( + options.file && + options.appId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage(`Importing OAuth2 client "${options.appId}"...`); const outcome = await importOAuth2ClientFromFile( options.appId, @@ -61,7 +82,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if ( + options.all && + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing all OAuth2 clients from a single file (${options.file})...` ); @@ -71,7 +96,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if ( + options.allSeparate && + !options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all OAuth2 clients from separate files in current directory...' ); @@ -81,7 +110,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first provider from file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing first OAuth2 client from file "${options.file}"...` ); diff --git a/src/cli/oauth/oauth-client-list.ts b/src/cli/oauth/oauth-client-list.ts index a9ba75adc..f75f57c7a 100644 --- a/src/cli/oauth/oauth-client-list.ts +++ b/src/cli/oauth/oauth-client-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { listOAuth2Clients } from '../../ops/OAuth2ClientOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo oauth client list'); + const program = new FrodoCommand( + 'frodo oauth client list', + [], + deploymentTypes + ); program .description('List OAuth2 clients.') @@ -24,7 +41,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing OAuth2 clients...`); const outcome = await listOAuth2Clients(options.long); if (!outcome) process.exitCode = 1; diff --git a/src/cli/promote/promote.ts b/src/cli/promote/promote.ts index 83b848bf2..1c7dd09e2 100644 --- a/src/cli/promote/promote.ts +++ b/src/cli/promote/promote.ts @@ -1,4 +1,4 @@ -import { FrodoError } from '@rockcarver/frodo-lib'; +import { frodo, FrodoError } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,10 +6,16 @@ import { compareExportToDirectory } from '../../ops/PromoteOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { - const program = new FrodoCommand('promote'); + const program = new FrodoCommand('promote', [], deploymentTypes); program .description('Prepares a tenant to be promoted') diff --git a/src/cli/realm/realm-add-custom-domain.ts b/src/cli/realm/realm-add-custom-domain.ts index 443891671..b776aceea 100644 --- a/src/cli/realm/realm-add-custom-domain.ts +++ b/src/cli/realm/realm-add-custom-domain.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,24 @@ import { addCustomDomain } from '../../ops/RealmOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo realm add-custom-domain'); + const program = new FrodoCommand( + 'frodo realm add-custom-domain', + [], + deploymentTypes + ); program .description('Add custom domain (realm DNS alias).') @@ -28,7 +44,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Adding custom DNS domain ${ options.domain diff --git a/src/cli/realm/realm-describe.ts b/src/cli/realm/realm-describe.ts index 655c5dcf2..88ede05b0 100644 --- a/src/cli/realm/realm-describe.ts +++ b/src/cli/realm/realm-describe.ts @@ -5,8 +5,20 @@ import { describeRealm } from '../../ops/RealmOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo realm describe'); + const program = new FrodoCommand('frodo realm describe', [], deploymentTypes); program.description('Describe realms.').action( // implement command logic inside action handler @@ -19,7 +31,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Retrieving details of realm ${state.getRealm()}...`); describeRealm(frodo.utils.getRealmName(state.getRealm())); } else { diff --git a/src/cli/realm/realm-export.ts b/src/cli/realm/realm-export.ts index cef020a80..4566e38b9 100644 --- a/src/cli/realm/realm-export.ts +++ b/src/cli/realm/realm-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo realm export'); + const program = new FrodoCommand('frodo realm export', [], deploymentTypes); program .description('Export realms.') @@ -58,7 +71,10 @@ export default function setup() { command ); // export by id - if (options.realmId && (await getTokens())) { + if ( + options.realmId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting realm...'); const outcome = await exportRealmById( options.realmId, @@ -68,7 +84,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // export by name - else if (options.realmName && (await getTokens())) { + else if ( + options.realmName && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting realm...'); const outcome = await exportRealmByName( options.realmName, @@ -78,7 +97,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a / --all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all realms to a single file...'); const outcome = await exportRealmsToFile( options.file, @@ -87,7 +109,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A / --all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all realms to separate files...'); const outcome = await exportRealmsToFiles(options.metadata); if (!outcome) process.exitCode = 1; diff --git a/src/cli/realm/realm-import.ts b/src/cli/realm/realm-import.ts index f75e8080e..7d98523b9 100644 --- a/src/cli/realm/realm-import.ts +++ b/src/cli/realm/realm-import.ts @@ -14,7 +14,7 @@ const { CLASSIC_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; const deploymentTypes = [CLASSIC_DEPLOYMENT_TYPE_KEY]; export default function setup() { - const program = new FrodoCommand('frodo realm import'); + const program = new FrodoCommand('frodo realm import', [], deploymentTypes); program .description('Import realms.') diff --git a/src/cli/realm/realm-list.ts b/src/cli/realm/realm-list.ts index e6cf34091..14cea554b 100644 --- a/src/cli/realm/realm-list.ts +++ b/src/cli/realm/realm-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,20 @@ import { listRealms } from '../../ops/RealmOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo realm list'); + const program = new FrodoCommand('frodo realm list', [], deploymentTypes); program .description('List realms.') @@ -24,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage('Listing all realms...'); await listRealms(options.long); } else { diff --git a/src/cli/realm/realm-remove-custom-domain.ts b/src/cli/realm/realm-remove-custom-domain.ts index f4275b193..e58de117d 100644 --- a/src/cli/realm/realm-remove-custom-domain.ts +++ b/src/cli/realm/realm-remove-custom-domain.ts @@ -5,10 +5,26 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + const { removeCustomDomain } = frodo.realm; export default function setup() { - const program = new FrodoCommand('frodo realm remove-custom-domain'); + const program = new FrodoCommand( + 'frodo realm remove-custom-domain', + [], + deploymentTypes + ); program .description('Remove custom domain (realm DNS alias).') @@ -29,7 +45,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Removing custom DNS domain ${ options.domain diff --git a/src/cli/role/role-delete.ts b/src/cli/role/role-delete.ts index a248d4033..1821e39f9 100644 --- a/src/cli/role/role-delete.ts +++ b/src/cli/role/role-delete.ts @@ -4,12 +4,16 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = - frodo.utils.constants; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, ]; export default function setup() { diff --git a/src/cli/role/role-describe.ts b/src/cli/role/role-describe.ts index 643a71e40..8e8c04201 100644 --- a/src/cli/role/role-describe.ts +++ b/src/cli/role/role-describe.ts @@ -4,12 +4,16 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = - frodo.utils.constants; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, ]; export default function setup() { diff --git a/src/cli/role/role-export.ts b/src/cli/role/role-export.ts index f82248535..ddba9ccde 100644 --- a/src/cli/role/role-export.ts +++ b/src/cli/role/role-export.ts @@ -10,12 +10,16 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = - frodo.utils.constants; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, ]; export default function setup() { diff --git a/src/cli/role/role-import.ts b/src/cli/role/role-import.ts index 23dede098..5c1c0d433 100644 --- a/src/cli/role/role-import.ts +++ b/src/cli/role/role-import.ts @@ -11,12 +11,16 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = - frodo.utils.constants; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, ]; export default function setup() { diff --git a/src/cli/role/role-list.ts b/src/cli/role/role-list.ts index 15b2205fa..34d2a61b9 100644 --- a/src/cli/role/role-list.ts +++ b/src/cli/role/role-list.ts @@ -6,12 +6,16 @@ import { listRoles } from '../../ops/InternalRoleOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = - frodo.utils.constants; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY, ]; export default function setup() { diff --git a/src/cli/saml/saml-cot-export.ts b/src/cli/saml/saml-cot-export.ts index 422ff16c1..92c5a1157 100644 --- a/src/cli/saml/saml-cot-export.ts +++ b/src/cli/saml/saml-cot-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +10,24 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml cot export'); + const program = new FrodoCommand( + 'frodo saml cot export', + [], + deploymentTypes + ); program .description('Export SAML circles of trust.') @@ -57,7 +73,7 @@ export default function setup() { command ); // export by id/name - if (options.cotId && (await getTokens())) { + if (options.cotId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Exporting circle of trust "${ options.cotId @@ -71,7 +87,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all circles of trust to a single file...'); const outcome = await exportCirclesOfTrustToFile( options.file, @@ -80,7 +99,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all circles of trust to separate files...'); const outcome = await exportCirclesOfTrustToFiles(options.metadata); if (!outcome) process.exitCode = 1; diff --git a/src/cli/saml/saml-cot-import.ts b/src/cli/saml/saml-cot-import.ts index af6a6ee58..bc638696c 100644 --- a/src/cli/saml/saml-cot-import.ts +++ b/src/cli/saml/saml-cot-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,8 +11,24 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml cot import'); + const program = new FrodoCommand( + 'frodo saml cot import', + [], + deploymentTypes + ); program .description('Import SAML circles of trust.') @@ -52,7 +68,11 @@ export default function setup() { command ); // import by id - if (options.file && options.cotId && (await getTokens())) { + if ( + options.file && + options.cotId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing circle of trust "${ options.cotId @@ -65,7 +85,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if ( + options.all && + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing all circles of trust from a single file (${options.file})...` ); @@ -73,7 +97,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if ( + options.allSeparate && + !options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all circles of trust from separate files (*.saml.json) in current directory...' ); @@ -81,7 +109,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first from file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing first circle of trust from file "${ options.file diff --git a/src/cli/saml/saml-cot-list.ts b/src/cli/saml/saml-cot-list.ts index 05d768092..f16ee25e4 100644 --- a/src/cli/saml/saml-cot-list.ts +++ b/src/cli/saml/saml-cot-list.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,20 @@ import { listCirclesOfTrust } from '../../ops/CirclesOfTrustOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml cot list'); + const program = new FrodoCommand('frodo saml cot list', [], deploymentTypes); program .description('List SAML circles of trust.') @@ -25,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Listing SAML circles of trust in realm "${state.getRealm()}"...` ); diff --git a/src/cli/saml/saml-delete.ts b/src/cli/saml/saml-delete.ts index 60e5607d7..bbb6f59bd 100644 --- a/src/cli/saml/saml-delete.ts +++ b/src/cli/saml/saml-delete.ts @@ -5,11 +5,23 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + const { deleteSaml2Provider, deleteSaml2Providers } = frodo.saml2.entityProvider; export default function setup() { - const program = new FrodoCommand('frodo saml delete'); + const program = new FrodoCommand('frodo saml delete', [], deploymentTypes); program .description('Delete SAML entity providers.') @@ -34,12 +46,18 @@ export default function setup() { command ); // -i / --entity-id - if (options.entityId && (await getTokens())) { + if ( + options.entityId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage(`Deleting entity provider '${options.entityId}'...`); await deleteSaml2Provider(options.entityId); } // -a / --all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage(`Deleting all entity providers...`); await deleteSaml2Providers(); } diff --git a/src/cli/saml/saml-describe.ts b/src/cli/saml/saml-describe.ts index 55d3f0e6d..b6707ad84 100644 --- a/src/cli/saml/saml-describe.ts +++ b/src/cli/saml/saml-describe.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,20 @@ import { describeSaml2Provider } from '../../ops/Saml2Ops'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml describe'); + const program = new FrodoCommand('frodo saml describe', [], deploymentTypes); program .description('Describe the configuration of an entity provider.') @@ -23,7 +35,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Describing SAML entity provider ${ options.entityId diff --git a/src/cli/saml/saml-export.ts b/src/cli/saml/saml-export.ts index e2234896e..350eb9cb3 100644 --- a/src/cli/saml/saml-export.ts +++ b/src/cli/saml/saml-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +10,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml export'); + const program = new FrodoCommand('frodo saml export', [], deploymentTypes); program .description('Export SAML entity providers.') @@ -60,7 +72,10 @@ export default function setup() { command ); // export by id/name - if (options.entityId && (await getTokens())) { + if ( + options.entityId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Exporting provider "${ options.entityId @@ -77,7 +92,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all providers to a single file...'); const outcome = await exportSaml2ProvidersToFile( options.file, @@ -89,7 +107,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all providers to separate files...'); const outcome = await exportSaml2ProvidersToFiles(options.metadata, { deps: options.deps, diff --git a/src/cli/saml/saml-import.ts b/src/cli/saml/saml-import.ts index 70f7640a9..e2e9c68fa 100644 --- a/src/cli/saml/saml-import.ts +++ b/src/cli/saml/saml-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,8 +11,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml import'); + const program = new FrodoCommand('frodo saml import', [], deploymentTypes); program .description('Import SAML entity providers.') @@ -55,7 +67,11 @@ export default function setup() { command ); // import by id - if (options.file && options.entityId && (await getTokens())) { + if ( + options.file && + options.entityId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing provider "${ options.entityId @@ -71,7 +87,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if ( + options.all && + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing all providers from a single file (${options.file})...` ); @@ -81,7 +101,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if ( + options.allSeparate && + !options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( 'Importing all providers from separate files (*.saml.json) in current directory...' ); @@ -91,7 +115,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first provider from file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing first provider from file "${ options.file diff --git a/src/cli/saml/saml-list.ts b/src/cli/saml/saml-list.ts index 84118109d..6e96c69c0 100644 --- a/src/cli/saml/saml-list.ts +++ b/src/cli/saml/saml-list.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,20 @@ import { listSaml2Providers } from '../../ops/Saml2Ops'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml list'); + const program = new FrodoCommand('frodo saml list', [], deploymentTypes); program .description('List SAML entity providers.') @@ -25,7 +37,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Listing SAML entity providers in realm "${state.getRealm()}"...` ); diff --git a/src/cli/saml/saml-metadata-export.ts b/src/cli/saml/saml-metadata-export.ts index f4f467c23..cee331987 100644 --- a/src/cli/saml/saml-metadata-export.ts +++ b/src/cli/saml/saml-metadata-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,24 @@ import { exportSaml2MetadataToFile } from '../../ops/Saml2Ops'; import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo saml metadata export'); + const program = new FrodoCommand( + 'frodo saml metadata export', + [], + deploymentTypes + ); program .description('Export SAML metadata.') @@ -41,7 +57,10 @@ export default function setup() { command ); // export by id/name - if (options.entityId && (await getTokens())) { + if ( + options.entityId && + (await getTokens(false, true, deploymentTypes)) + ) { printMessage( `Exporting metadata for provider "${ options.entityId @@ -54,7 +73,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // // --all-separate -A - // else if (options.allSeparate && (await getTokens())) { + // else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { // printMessage('Exporting all providers to separate files...'); // exportProvidersToFiles(); // } diff --git a/src/cli/script/script-delete.ts b/src/cli/script/script-delete.ts index 814880b47..30d87c8d4 100644 --- a/src/cli/script/script-delete.ts +++ b/src/cli/script/script-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +10,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo script delete'); + const program = new FrodoCommand('frodo script delete', [], deploymentTypes); program .description('Delete scripts.') @@ -44,7 +56,10 @@ export default function setup() { options, command ); - if (options.scriptId && (await getTokens())) { + if ( + options.scriptId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Deleting script ${ options.scriptId @@ -52,7 +67,10 @@ export default function setup() { ); const outcome = await deleteScriptId(options.scriptId); if (!outcome) process.exitCode = 1; - } else if (options.scriptName && (await getTokens())) { + } else if ( + options.scriptName && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Deleting script ${ options.scriptName @@ -60,7 +78,10 @@ export default function setup() { ); const outcome = await deleteScriptName(options.scriptName); if (!outcome) process.exitCode = 1; - } else if (options.all && (await getTokens())) { + } else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Deleting all non-default scripts...'); const outcome = await deleteAllScripts(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/script/script-describe.ts b/src/cli/script/script-describe.ts index ac5b47799..9c20cf39e 100644 --- a/src/cli/script/script-describe.ts +++ b/src/cli/script/script-describe.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,24 @@ import { describeScript } from '../../ops/ScriptOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo script describe'); + const program = new FrodoCommand( + 'frodo script describe', + [], + deploymentTypes + ); program .description('Describe script.') @@ -36,7 +53,10 @@ export default function setup() { options, command ); - if ((options.scriptName || options.scriptId) && (await getTokens())) { + if ( + (options.scriptName || options.scriptId) && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Describing script ${options.scriptName ? options.scriptName : options.scriptId}...` ); diff --git a/src/cli/script/script-export.ts b/src/cli/script/script-export.ts index 3c5433571..127577e00 100644 --- a/src/cli/script/script-export.ts +++ b/src/cli/script/script-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo script export'); + const program = new FrodoCommand('frodo script export', [], deploymentTypes); program .description('Export scripts.') @@ -83,7 +96,10 @@ export default function setup() { command ); // export by id - if (options.scriptId && (await getTokens())) { + if ( + options.scriptId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting script...'); const outcome = await exportScriptToFile( options.scriptId, @@ -101,7 +117,7 @@ export default function setup() { // export by name else if ( (options.scriptName || options.script) && - (await getTokens()) + (await getTokens(false, true, deploymentTypes)) ) { verboseMessage('Exporting script...'); const outcome = await exportScriptByNameToFile( @@ -118,7 +134,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a / --all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all scripts to a single file...'); const outcome = await exportScriptsToFile( options.file, @@ -132,7 +151,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A / --all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all scripts to separate files...'); const outcome = await exportScriptsToFiles( options.extract, diff --git a/src/cli/script/script-import.ts b/src/cli/script/script-import.ts index 7be05d00c..e0ea44dde 100644 --- a/src/cli/script/script-import.ts +++ b/src/cli/script/script-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,8 +9,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo script import'); + const program = new FrodoCommand('frodo script import', [], deploymentTypes); program .description('Import scripts.') @@ -76,7 +88,7 @@ export default function setup() { command ); - if (options.file && (await getTokens())) { + if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing script(s) into realm "${state.getRealm()}"...` ); @@ -91,7 +103,10 @@ export default function setup() { } ); if (!outcome) process.exitCode = 1; - } else if (options.allSeparate && (await getTokens())) { + } else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage( `Importing all script files into realm "${state.getRealm()}"...` ); diff --git a/src/cli/script/script-list.ts b/src/cli/script/script-list.ts index bbe41c76d..c4b6b7172 100644 --- a/src/cli/script/script-list.ts +++ b/src/cli/script/script-list.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,8 +6,20 @@ import { listScripts } from '../../ops/ScriptOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo script list'); + const program = new FrodoCommand('frodo script list', [], deploymentTypes); program .description('List scripts.') @@ -40,7 +52,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing scripts in realm "${state.getRealm()}"...`); const outcome = await listScripts( options.long, diff --git a/src/cli/service/service-delete.ts b/src/cli/service/service-delete.ts index 92a7867e5..b5d52a79d 100644 --- a/src/cli/service/service-delete.ts +++ b/src/cli/service/service-delete.ts @@ -1,11 +1,24 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { deleteService, deleteServices } from '../../ops/ServiceOps.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo service delete'); + const program = new FrodoCommand('frodo service delete', [], deploymentTypes); interface ServiceDeleteOptions { id?: string; @@ -43,10 +56,13 @@ export default function setup() { const globalConfig = options.global ?? false; - if (options.id && (await getTokens())) { + if (options.id && (await getTokens(false, true, deploymentTypes))) { const outcome = await deleteService(options.id, globalConfig); if (!outcome) process.exitCode = 1; - } else if (options.all && (await getTokens())) { + } else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { const outcome = await deleteServices(globalConfig); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/service/service-export.ts b/src/cli/service/service-export.ts index 6f4022bbf..9e69c9a1f 100644 --- a/src/cli/service/service-export.ts +++ b/src/cli/service/service-export.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -9,8 +10,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo service export'); + const program = new FrodoCommand('frodo service export', [], deploymentTypes); interface ServiceExportOptions { file?: string; @@ -70,7 +83,10 @@ export default function setup() { const globalConfig = options.global ?? false; // export by name - if (options.serviceId && (await getTokens())) { + if ( + options.serviceId && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting service...'); const outcome = await exportServiceToFile( options.serviceId, @@ -81,7 +97,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a / --all - else if (options.all && (await getTokens())) { + else if ( + options.all && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all services to a single file...'); const outcome = await exportServicesToFile( options.file, @@ -91,7 +110,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A / --all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Exporting all services to separate files...'); const outcome = await exportServicesToFiles( globalConfig, diff --git a/src/cli/service/service-import.ts b/src/cli/service/service-import.ts index 01e268ca4..4235b2a11 100644 --- a/src/cli/service/service-import.ts +++ b/src/cli/service/service-import.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,8 +11,20 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo service import'); + const program = new FrodoCommand('frodo service import', [], deploymentTypes); interface ServiceImportOptions { file?: string; @@ -89,10 +102,14 @@ export default function setup() { const globalConfig = options.global ?? false; const realmConfig = globalConfig ? false - : options.currentRealm ?? false; + : (options.currentRealm ?? false); // import by id - if (options.serviceId && options.file && (await getTokens())) { + if ( + options.serviceId && + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing service...'); const outcome = await importServiceFromFile( options.serviceId, @@ -106,7 +123,11 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a / --all - else if (options.all && options.file && (await getTokens())) { + else if ( + options.all && + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing all services from a single file...'); const outcome = await importServicesFromFile(options.file, { clean, @@ -116,7 +137,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A / --all-separate - else if (options.allSeparate && (await getTokens())) { + else if ( + options.allSeparate && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing all services from separate files...'); const outcome = await importServicesFromFiles({ clean, @@ -126,7 +150,10 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import file - else if (options.file && (await getTokens())) { + else if ( + options.file && + (await getTokens(false, true, deploymentTypes)) + ) { verboseMessage('Importing service...'); const outcome = await importFirstServiceFromFile(options.file, { clean, diff --git a/src/cli/service/service-list.ts b/src/cli/service/service-list.ts index c303700f1..c08b191f2 100644 --- a/src/cli/service/service-list.ts +++ b/src/cli/service/service-list.ts @@ -1,3 +1,4 @@ +import { frodo } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -5,8 +6,20 @@ import { listServices } from '../../ops/ServiceOps.js'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const { + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +} = frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, + CLASSIC_DEPLOYMENT_TYPE_KEY, +]; + export default function setup() { - const program = new FrodoCommand('frodo service list'); + const program = new FrodoCommand('frodo service list', [], deploymentTypes); program .description('List AM services.') @@ -23,7 +36,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing all AM services for realm: ${realm}`); const outcome = await listServices(options.long, options.global); if (!outcome) process.exitCode = 1; diff --git a/src/cli/theme/theme-delete.ts b/src/cli/theme/theme-delete.ts index 5608ceadc..3558a4b62 100644 --- a/src/cli/theme/theme-delete.ts +++ b/src/cli/theme/theme-delete.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -10,7 +10,13 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo theme delete', [], deploymentTypes); diff --git a/src/cli/theme/theme-export.ts b/src/cli/theme/theme-export.ts index bf7e430a4..b8077b171 100644 --- a/src/cli/theme/theme-export.ts +++ b/src/cli/theme/theme-export.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -11,7 +11,13 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo theme export', [], deploymentTypes); diff --git a/src/cli/theme/theme-import.ts b/src/cli/theme/theme-import.ts index ef3805417..5678007fc 100644 --- a/src/cli/theme/theme-import.ts +++ b/src/cli/theme/theme-import.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -12,7 +12,13 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo theme import', [], deploymentTypes); diff --git a/src/cli/theme/theme-list.ts b/src/cli/theme/theme-list.ts index b4681074a..978fc2124 100644 --- a/src/cli/theme/theme-list.ts +++ b/src/cli/theme/theme-list.ts @@ -1,4 +1,4 @@ -import { state } from '@rockcarver/frodo-lib'; +import { frodo, state } from '@rockcarver/frodo-lib'; import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; @@ -6,7 +6,13 @@ import { listThemes } from '../../ops/ThemeOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = + frodo.utils.constants; + +const deploymentTypes = [ + CLOUD_DEPLOYMENT_TYPE_KEY, + FORGEOPS_DEPLOYMENT_TYPE_KEY, +]; export default function setup() { const program = new FrodoCommand('frodo theme list', [], deploymentTypes); diff --git a/src/utils/Config.ts b/src/utils/Config.ts index 8e1a84aa6..823a83786 100644 --- a/src/utils/Config.ts +++ b/src/utils/Config.ts @@ -19,6 +19,7 @@ const { getFilePath, readFiles, saveTextToFile, saveJsonToFile } = frodo.utils; const { exportFullConfiguration } = frodo.config; const { getDefaultNoiseFilter } = frodo.cloud.log; +const { IDM_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; export const FRODO_CONFIG_PATH_KEY = 'FRODO_CONFIG_PATH'; export const FRODO_LOG_NOISEFILTER_FILENAME = 'LoggingNoiseFilter.json'; @@ -107,7 +108,11 @@ export async function getFullExportConfig( export async function getFullExportConfigFromDirectory( directory: string ): Promise { - const realms = fs.readdirSync(directory + '/realm'); + const realms = + state.getDeploymentType() === IDM_DEPLOYMENT_TYPE_KEY + ? [] + : fs.readdirSync(directory + '/realm'); + const fullExportConfig: FullExportInterface = { meta: {} as ExportMetaData, global: {} as unknown as FullGlobalExportInterface, diff --git a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap index b55c8d804..75c9ab8f7 100644 --- a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap index 255e07e34..7bd0429b4 100644 --- a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap @@ -91,7 +91,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-llt-esv Don't store the token in a secret and output to console instead. This option diff --git a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap index 3c97ee932..7cdc976cc 100644 --- a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -s, --client-secret [secret] Client secret. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap index 0d949b256..ea34e35dd 100644 --- a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap index 96e5fe6fd..2a0eab543 100644 --- a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap index 998383de8..b4a114bf7 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap index 922e02437..ae12e0e56 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap index 6235f9b95..40fb0222a 100644 --- a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap index 550ca843e..3dfcfda8c 100644 --- a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap index a1b861397..05ec23b8a 100644 --- a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap @@ -77,7 +77,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap index ec5b8fef1..b7115c067 100644 --- a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap index df5163fc9..b757bc5cb 100644 --- a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap index 8723663b1..e5f68d0fb 100644 --- a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap index c51ae5e4e..37ee4abe3 100644 --- a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-export.test.js.snap index 140f21f16..5202032a9 100644 --- a/test/client_cli/en/__snapshots__/agent-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap index bc58fdf8f..c9c83c144 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap index 79f939fb4..a81b5797d 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap index ce89b195a..c44242797 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap index d67b2c9f2..b6c5e9610 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap index d9fbf7810..543b0b891 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-import.test.js.snap index 3d8bb5213..f97158839 100644 --- a/test/client_cli/en/__snapshots__/agent-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap index c2624a67d..33d3d961e 100644 --- a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap index 2cfbf6770..91e84b832 100644 --- a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap index 940f712c9..82eee9656 100644 --- a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap index 53afa6b74..b582ec7e2 100644 --- a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap index 45b53f8c9..6a4046ca5 100644 --- a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-list.test.js.snap index 6700357b3..744da79de 100644 --- a/test/client_cli/en/__snapshots__/agent-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap index a311eab31..f095d2c42 100644 --- a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap index b82e5ab1a..85b3fc0b8 100644 --- a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap index 2a817336e..50a9d6ec2 100644 --- a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap index 4649f8318..32afb4a18 100644 --- a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap index 5f1331447..7af59f4cf 100644 --- a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/app-delete.test.js.snap b/test/client_cli/en/__snapshots__/app-delete.test.js.snap index 592f2d02d..02f49ff94 100644 --- a/test/client_cli/en/__snapshots__/app-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/app-export.test.js.snap b/test/client_cli/en/__snapshots__/app-export.test.js.snap index 1de27341d..da396fda5 100644 --- a/test/client_cli/en/__snapshots__/app-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/app-import.test.js.snap b/test/client_cli/en/__snapshots__/app-import.test.js.snap index 0f4513e73..cdea09887 100644 --- a/test/client_cli/en/__snapshots__/app-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/app-list.test.js.snap b/test/client_cli/en/__snapshots__/app-list.test.js.snap index 5766b42f9..6fcbfa2dc 100644 --- a/test/client_cli/en/__snapshots__/app-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap index 9529aeaca..3ab653462 100644 --- a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authn-export.test.js.snap b/test/client_cli/en/__snapshots__/authn-export.test.js.snap index a205c3e38..cc09c7b72 100644 --- a/test/client_cli/en/__snapshots__/authn-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-export.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authn-import.test.js.snap b/test/client_cli/en/__snapshots__/authn-import.test.js.snap index e1bdc4073..437693a72 100644 --- a/test/client_cli/en/__snapshots__/authn-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-import.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap index 744499154..49495c6a4 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap index a57f9a3f6..1d57d51fa 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap index f574540ab..98b6f309f 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap index 18ce5583e..09f1dc204 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not import dependencies (scripts) even if they are available in the import diff --git a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap index bf357cc9a..3fb17f780 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap index 390602502..e03e6e026 100644 --- a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap index 7eb683e1e..b488af397 100644 --- a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap index 073ee7c73..d9bba2695 100644 --- a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap index ac611010f..858e63a3f 100644 --- a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (policies, scripts). diff --git a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap index 9197713ce..79d04dc3d 100644 --- a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. If specified, -a is ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap index a372d1b2f..b0b042202 100644 --- a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. --no-cache Disable token cache for this operation. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap index f1937ef7c..136d20455 100644 --- a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap index b72e1a2ec..94c65b5cb 100644 --- a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap index d517950ce..9d7f2034a 100644 --- a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/config-export.test.js.snap b/test/client_cli/en/__snapshots__/config-export.test.js.snap index 4b7ffd871..9d59b5666 100644 --- a/test/client_cli/en/__snapshots__/config-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-export.test.js.snap @@ -97,7 +97,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/config-import.test.js.snap b/test/client_cli/en/__snapshots__/config-import.test.js.snap index f1b55e7e6..b1969a6ff 100644 --- a/test/client_cli/en/__snapshots__/config-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-import.test.js.snap @@ -94,7 +94,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --re-uuid-journeys Generate new UUIDs for all journey nodes during import. (default: off) diff --git a/test/client_cli/en/__snapshots__/conn-save.test.js.snap b/test/client_cli/en/__snapshots__/conn-save.test.js.snap index 6bc294566..3d8808957 100644 --- a/test/client_cli/en/__snapshots__/conn-save.test.js.snap +++ b/test/client_cli/en/__snapshots__/conn-save.test.js.snap @@ -28,7 +28,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. @@ -96,7 +96,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. @@ -164,7 +164,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. @@ -232,7 +232,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. diff --git a/test/client_cli/en/__snapshots__/email-template-export.test.js.snap b/test/client_cli/en/__snapshots__/email-template-export.test.js.snap index 3053f1191..3050770bb 100644 --- a/test/client_cli/en/__snapshots__/email-template-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/email-template-import.test.js.snap b/test/client_cli/en/__snapshots__/email-template-import.test.js.snap index 3ec645b61..36b1f92f0 100644 --- a/test/client_cli/en/__snapshots__/email-template-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --raw Import raw email template files. Raw templates do not contain the id/name, diff --git a/test/client_cli/en/__snapshots__/email-template-list.test.js.snap b/test/client_cli/en/__snapshots__/email-template-list.test.js.snap index 190cab019..c405d106f 100644 --- a/test/client_cli/en/__snapshots__/email-template-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-apply.test.js.snap b/test/client_cli/en/__snapshots__/esv-apply.test.js.snap index 65ed568a1..d2b1d6b46 100644 --- a/test/client_cli/en/__snapshots__/esv-apply.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-apply.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-wait Don't wait for the updates to finish applying. diff --git a/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap index 9c4f96b97..72e9d5765 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-use-in-placeholders Secret cannot be used in placeholders. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap index 9720ca71d..67169ce31 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap @@ -71,7 +71,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap index 5629e72e7..8238675f5 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap index 6f5f6cce3..c0a42da3d 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap index 6a790b0dc..a0311175f 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap @@ -84,7 +84,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap index 20dc280b3..0a33b3cd9 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap index 441356f70..9a07b8cf8 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap index f14c2bbff..03ddf6447 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap index 53f96e356..c9f2f4f79 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap index 51a18724f..d2ea0adec 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap index b1fbc393e..255e9aec8 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap @@ -71,7 +71,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap index 839962660..6fc12341b 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap index 57774a259..1575828ea 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap index bcf382eb6..cec130982 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap index e3bfa6d47..196edef46 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap index 2e01d8792..f5d8faffc 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap index 4727ab958..ac88294ac 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap @@ -77,7 +77,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap index f40191719..5dfe5f484 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap index 8237a6b6f..78f4ddd5b 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-count.test.js.snap b/test/client_cli/en/__snapshots__/idm-count.test.js.snap index 1ceeb4636..bfdf419e1 100644 --- a/test/client_cli/en/__snapshots__/idm-count.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-count.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -o, --managed-object Type of managed object to count. E.g. "alpha_user", "alpha_role", "user", diff --git a/test/client_cli/en/__snapshots__/idm-delete.test.js.snap b/test/client_cli/en/__snapshots__/idm-delete.test.js.snap index aaecb77aa..5671cd406 100644 --- a/test/client_cli/en/__snapshots__/idm-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-delete.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-export.test.js.snap b/test/client_cli/en/__snapshots__/idm-export.test.js.snap index da40cbe0c..9f2253e41 100644 --- a/test/client_cli/en/__snapshots__/idm-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-export.test.js.snap @@ -88,7 +88,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/idm-import.test.js.snap b/test/client_cli/en/__snapshots__/idm-import.test.js.snap index 2365775c9..506f66e5e 100644 --- a/test/client_cli/en/__snapshots__/idm-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-import.test.js.snap @@ -86,7 +86,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-list.test.js.snap b/test/client_cli/en/__snapshots__/idm-list.test.js.snap index 91a77306a..3fdeac7d8 100644 --- a/test/client_cli/en/__snapshots__/idm-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-list.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap b/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap index 4ec904db0..ade223f95 100644 --- a/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap b/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap index 4ec904db0..ade223f95 100644 --- a/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idp-delete.test.js.snap b/test/client_cli/en/__snapshots__/idp-delete.test.js.snap index 99b7a467a..713962c7a 100644 --- a/test/client_cli/en/__snapshots__/idp-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-delete.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idp-export.test.js.snap b/test/client_cli/en/__snapshots__/idp-export.test.js.snap index bb57f882f..4dd5af7ca 100644 --- a/test/client_cli/en/__snapshots__/idp-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/idp-import.test.js.snap b/test/client_cli/en/__snapshots__/idp-import.test.js.snap index 6c4130b49..658bee668 100644 --- a/test/client_cli/en/__snapshots__/idp-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/idp-list.test.js.snap b/test/client_cli/en/__snapshots__/idp-list.test.js.snap index 72135d594..dbb15e4a9 100644 --- a/test/client_cli/en/__snapshots__/idp-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-list.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/info.test.js.snap b/test/client_cli/en/__snapshots__/info.test.js.snap index 7b378eb21..fdf8b4d61 100644 --- a/test/client_cli/en/__snapshots__/info.test.js.snap +++ b/test/client_cli/en/__snapshots__/info.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-delete.test.js.snap b/test/client_cli/en/__snapshots__/journey-delete.test.js.snap index 8645489e1..d6a623a0a 100644 --- a/test/client_cli/en/__snapshots__/journey-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/journey-describe.test.js.snap b/test/client_cli/en/__snapshots__/journey-describe.test.js.snap index 2be83270d..e2571badf 100644 --- a/test/client_cli/en/__snapshots__/journey-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-describe.test.js.snap @@ -79,7 +79,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --markdown Output in markdown. --no-cache Disable token cache for this operation. -o, --override-version Override version. Notation: diff --git a/test/client_cli/en/__snapshots__/journey-disable.test.js.snap b/test/client_cli/en/__snapshots__/journey-disable.test.js.snap index 90bbd60d2..b6a700566 100644 --- a/test/client_cli/en/__snapshots__/journey-disable.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-disable.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-enable.test.js.snap b/test/client_cli/en/__snapshots__/journey-enable.test.js.snap index c0dd964b2..57d74a3ec 100644 --- a/test/client_cli/en/__snapshots__/journey-enable.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-enable.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-export.test.js.snap b/test/client_cli/en/__snapshots__/journey-export.test.js.snap index c17a8d94e..8bfdc7c58 100644 --- a/test/client_cli/en/__snapshots__/journey-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/journey-import.test.js.snap b/test/client_cli/en/__snapshots__/journey-import.test.js.snap index 4047dc74b..4cf22c487 100644 --- a/test/client_cli/en/__snapshots__/journey-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts, email templates, SAML entity diff --git a/test/client_cli/en/__snapshots__/journey-list.test.js.snap b/test/client_cli/en/__snapshots__/journey-list.test.js.snap index e9579d4e2..08f01a8bb 100644 --- a/test/client_cli/en/__snapshots__/journey-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-prune.test.js.snap b/test/client_cli/en/__snapshots__/journey-prune.test.js.snap index 7e657abbc..3f51b962d 100644 --- a/test/client_cli/en/__snapshots__/journey-prune.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-prune.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/log-fetch.test.js.snap b/test/client_cli/en/__snapshots__/log-fetch.test.js.snap index 6c30f8d18..4c01856f8 100644 --- a/test/client_cli/en/__snapshots__/log-fetch.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-fetch.test.js.snap @@ -92,7 +92,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -s, --search-string Filter by a specific string (ANDed with transactionID filter) @@ -219,7 +219,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -s, --search-string Filter by a specific string (ANDed with transactionID filter) diff --git a/test/client_cli/en/__snapshots__/log-list.test.js.snap b/test/client_cli/en/__snapshots__/log-list.test.js.snap index b869cc629..d5dce03c8 100644 --- a/test/client_cli/en/__snapshots__/log-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-list.test.js.snap @@ -68,7 +68,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) @@ -168,7 +168,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/log-tail.test.js.snap b/test/client_cli/en/__snapshots__/log-tail.test.js.snap index ff92e884d..ff986b79b 100644 --- a/test/client_cli/en/__snapshots__/log-tail.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-tail.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) @@ -199,7 +199,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap b/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap index 0711bcf73..d27259c26 100644 --- a/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap @@ -28,7 +28,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. diff --git a/test/client_cli/en/__snapshots__/mapping-export.test.js.snap b/test/client_cli/en/__snapshots__/mapping-export.test.js.snap index 065a57e9d..fa71316eb 100644 --- a/test/client_cli/en/__snapshots__/mapping-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-export.test.js.snap @@ -30,7 +30,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies in export. diff --git a/test/client_cli/en/__snapshots__/mapping-import.test.js.snap b/test/client_cli/en/__snapshots__/mapping-import.test.js.snap index c83159977..0f64db4fa 100644 --- a/test/client_cli/en/__snapshots__/mapping-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/mapping-list.test.js.snap b/test/client_cli/en/__snapshots__/mapping-list.test.js.snap index fa6581dab..52c6c075f 100644 --- a/test/client_cli/en/__snapshots__/mapping-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap b/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap index 8450139b9..5245f2137 100644 --- a/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap @@ -86,7 +86,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap index f4643f35a..6d5f1a2b1 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap index 10e8aa7f7..d0027129a 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap index 0439dc5a6..eb082cc07 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap index de5402261..8b407940d 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/promote.test.js.snap b/test/client_cli/en/__snapshots__/promote.test.js.snap index 2f5865035..65b67602b 100644 --- a/test/client_cli/en/__snapshots__/promote.test.js.snap +++ b/test/client_cli/en/__snapshots__/promote.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -M, --master-dir The directory where the master configurations is located. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap b/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap index 0fda55a2e..8bd4214a3 100644 --- a/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/realm-describe.test.js.snap b/test/client_cli/en/__snapshots__/realm-describe.test.js.snap index 05ef9d0d8..cc6763b19 100644 --- a/test/client_cli/en/__snapshots__/realm-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-describe.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/realm-export.test.js.snap b/test/client_cli/en/__snapshots__/realm-export.test.js.snap index b59a2ef07..83b3c65f1 100644 --- a/test/client_cli/en/__snapshots__/realm-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --realm-name Realm name. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/realm-import.test.js.snap b/test/client_cli/en/__snapshots__/realm-import.test.js.snap index 686b58f2b..0d56fd599 100644 --- a/test/client_cli/en/__snapshots__/realm-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --realm-name Realm name. If specified, only one realm is imported and the options -a and -A are ignored. diff --git a/test/client_cli/en/__snapshots__/realm-list.test.js.snap b/test/client_cli/en/__snapshots__/realm-list.test.js.snap index a1effb3ea..a1509b0b7 100644 --- a/test/client_cli/en/__snapshots__/realm-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap b/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap index e3af3148b..729187257 100644 --- a/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/role-export.test.js.snap b/test/client_cli/en/__snapshots__/role-export.test.js.snap index 6a59049ee..fd2b2782e 100644 --- a/test/client_cli/en/__snapshots__/role-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/role-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --role-name Internal role name. If specified, only one internal role is exported and the options -a and -A are ignored. diff --git a/test/client_cli/en/__snapshots__/role-import.test.js.snap b/test/client_cli/en/__snapshots__/role-import.test.js.snap index 67196159f..96e589f1c 100644 --- a/test/client_cli/en/__snapshots__/role-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/role-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --role-name Internal role name. If specified, only one internal role is imported and the options -a and -A are ignored. diff --git a/test/client_cli/en/__snapshots__/role-list.test.js.snap b/test/client_cli/en/__snapshots__/role-list.test.js.snap index e97092410..cdccff717 100644 --- a/test/client_cli/en/__snapshots__/role-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/role-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap index 0d46a2a79..7a5197937 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap index dc88c059e..5f6f07301 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap index 86559f430..b12960cd8 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-delete.test.js.snap b/test/client_cli/en/__snapshots__/saml-delete.test.js.snap index 0b4754f19..08f3c62c7 100644 --- a/test/client_cli/en/__snapshots__/saml-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-describe.test.js.snap b/test/client_cli/en/__snapshots__/saml-describe.test.js.snap index 5623e1014..9e31dfcc7 100644 --- a/test/client_cli/en/__snapshots__/saml-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-export.test.js.snap index 5056f3887..6143b9e1e 100644 --- a/test/client_cli/en/__snapshots__/saml-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-export.test.js.snap @@ -84,7 +84,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/saml-import.test.js.snap b/test/client_cli/en/__snapshots__/saml-import.test.js.snap index b1192f2ef..5e405c37b 100644 --- a/test/client_cli/en/__snapshots__/saml-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/saml-list.test.js.snap b/test/client_cli/en/__snapshots__/saml-list.test.js.snap index 5b944cc3f..6480f541e 100644 --- a/test/client_cli/en/__snapshots__/saml-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap index c19a1d519..ce64912e7 100644 --- a/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap @@ -78,7 +78,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/script-delete.test.js.snap b/test/client_cli/en/__snapshots__/script-delete.test.js.snap index 182e76faf..9a01ae87e 100644 --- a/test/client_cli/en/__snapshots__/script-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/script-describe.test.js.snap b/test/client_cli/en/__snapshots__/script-describe.test.js.snap index a7a5432a4..810c1888a 100644 --- a/test/client_cli/en/__snapshots__/script-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-describe.test.js.snap @@ -78,7 +78,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. --no-cache Disable token cache for this operation. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/script-export.test.js.snap b/test/client_cli/en/__snapshots__/script-export.test.js.snap index fd16724a3..58874c4ec 100644 --- a/test/client_cli/en/__snapshots__/script-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/script-import.test.js.snap b/test/client_cli/en/__snapshots__/script-import.test.js.snap index 72cd828da..8cfadfd55 100644 --- a/test/client_cli/en/__snapshots__/script-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-import.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/script-list.test.js.snap b/test/client_cli/en/__snapshots__/script-list.test.js.snap index bf3dc5c33..bdb807feb 100644 --- a/test/client_cli/en/__snapshots__/script-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-list.test.js.snap @@ -78,7 +78,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/server-export.test.js.snap b/test/client_cli/en/__snapshots__/server-export.test.js.snap index 9d2d44c20..5c10413c2 100644 --- a/test/client_cli/en/__snapshots__/server-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/server-export.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/server-import.test.js.snap b/test/client_cli/en/__snapshots__/server-import.test.js.snap index 388103399..70aa6a130 100644 --- a/test/client_cli/en/__snapshots__/server-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/server-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/server-list.test.js.snap b/test/client_cli/en/__snapshots__/server-list.test.js.snap index 4e4679fb6..411145253 100644 --- a/test/client_cli/en/__snapshots__/server-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/server-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/service-delete.test.js.snap b/test/client_cli/en/__snapshots__/service-delete.test.js.snap index f56b7f63f..377751ce1 100644 --- a/test/client_cli/en/__snapshots__/service-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/service-export.test.js.snap b/test/client_cli/en/__snapshots__/service-export.test.js.snap index 3adbd1f42..068172131 100644 --- a/test/client_cli/en/__snapshots__/service-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/service-import.test.js.snap b/test/client_cli/en/__snapshots__/service-import.test.js.snap index 19ff14e5c..b15ff64ff 100644 --- a/test/client_cli/en/__snapshots__/service-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -r, --current-realm Import service(s) into the current realm. Use this flag if you exported a diff --git a/test/client_cli/en/__snapshots__/service-list.test.js.snap b/test/client_cli/en/__snapshots__/service-list.test.js.snap index 5b2754504..509097167 100644 --- a/test/client_cli/en/__snapshots__/service-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/shell.test.js.snap b/test/client_cli/en/__snapshots__/shell.test.js.snap index 93a19e872..5a1752203 100644 --- a/test/client_cli/en/__snapshots__/shell.test.js.snap +++ b/test/client_cli/en/__snapshots__/shell.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/theme-delete.test.js.snap b/test/client_cli/en/__snapshots__/theme-delete.test.js.snap index 620217b5b..219857313 100644 --- a/test/client_cli/en/__snapshots__/theme-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --theme-name Name of the theme. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/theme-export.test.js.snap b/test/client_cli/en/__snapshots__/theme-export.test.js.snap index cf3edc234..85beaa4d5 100644 --- a/test/client_cli/en/__snapshots__/theme-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --theme-name Name of the theme. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/theme-import.test.js.snap b/test/client_cli/en/__snapshots__/theme-import.test.js.snap index 4aa6ee3de..9585ed956 100644 --- a/test/client_cli/en/__snapshots__/theme-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --theme-name Name of the theme. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/theme-list.test.js.snap b/test/client_cli/en/__snapshots__/theme-list.test.js.snap index 77796bfe3..deb70478a 100644 --- a/test/client_cli/en/__snapshots__/theme-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/e2e/__snapshots__/config-export.e2e.test.js.snap b/test/e2e/__snapshots__/config-export.e2e.test.js.snap index e5381e532..3ee66d5e7 100644 --- a/test/e2e/__snapshots__/config-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/config-export.e2e.test.js.snap @@ -252069,155 +252069,9 @@ exports[`frodo config export "frodo config export -AD exportAllTestDir1": should } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate 1`] = `""`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoEmailVerification.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "baselineDemoEmailVerification": { - "_id": "emailTemplate/baselineDemoEmailVerification", - "defaultLocale": "en", - "displayName": "Baseline Demo Email Verification", - "enabled": true, - "from": "security@example.com", - "html": { - "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verification for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "message": { - "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verfication for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #f6f6f6; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - h1 { - font-size: 40px; - text-align: center; -} - h2 { - font-size: 36px; -} - h3 { - font-size: 32px; -} - h4 { - font-size: 28px; -} - h5 { - font-size: 24px; -} - h6 { - font-size: 20px; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 600px -} - .button { - background-color: #109cf1; - border: none; - color: white; - padding: 15px 32px; - text-align: center; - text-decoration: none; - display: inline-block; - font-size: 16px; -} - ", - "subject": { - "en": "Please verify your email address", - }, - "templateId": "baselineDemoEmailVerification", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoMagicLink.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "baselineDemoMagicLink": { - "_id": "emailTemplate/baselineDemoMagicLink", - "defaultLocale": "en", - "displayName": "Baseline Demo Magic Link", - "enabled": true, - "from": "security@example.com", - "html": { - "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "message": { - "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #f6f6f6; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - h1 { - font-size: 40px; - text-align: center; -} - h2 { - font-size: 36px; -} - h3 { - font-size: 32px; -} - h4 { - font-size: 28px; -} - h5 { - font-size: 24px; -} - h6 { - font-size: 20px; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 600px -} - .button { - background-color: #109cf1; - border: none; - color: white; - padding: 15px 32px; - text-align: center; - text-decoration: none; - display: inline-block; - font-size: 16px; -} - ", - "subject": { - "en": "Your sign-in link", - }, - "templateId": "baselineDemoMagicLink", - }, - }, - "meta": Any, -} -`; +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings 1`] = `""`; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/forgottenUsername.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/forgottenUsername.emailTemplate.json 1`] = ` { "emailTemplate": { "forgottenUsername": { @@ -252225,16 +252079,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "defaultLocale": "en", "enabled": true, "from": "", - "html": { - "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", - }, "message": { - "en": "

{{#if object.userName}}Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "
{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", + "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Account Information - username", "fr": "Informations sur le compte - nom d'utilisateur", @@ -252245,293 +252094,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frEmailUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frEmailUpdated": { - "_id": "emailTemplate/frEmailUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account email has changed

Your ForgeRock Identity Cloud email has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your email has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frForgotUsername.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frForgotUsername": { - "_id": "emailTemplate/frForgotUsername", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Forgot your username?

Your username is {{ object.userName }}.

Sign In to Your Account

If you didn't request this, please ignore this email.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Forgot Username", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frOnboarding.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frOnboarding": { - "_id": "emailTemplate/frOnboarding", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account is ready

Your ForgeRock Identity Cloud account is ready. Click the button below to complete registration and access your environment.

Complete Registration

If you did not request this account, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Complete your ForgeRock Identity Cloud registration", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frPasswordUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frPasswordUpdated": { - "_id": "emailTemplate/frPasswordUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account password has changed

Your ForgeRock Identity Cloud password has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your password has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frProfileUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frProfileUpdated": { - "_id": "emailTemplate/frProfileUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account profile has changed

Your ForgeRock Identity Cloud profile has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your profile has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frResetPassword.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frResetPassword": { - "_id": "emailTemplate/frResetPassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Reset your password

It seems you have forgotten the password for your ForgeRock Identity Cloud account. Click the button below to reset your password and access your environment.

Reset Password

If you did not request to reset your password, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Reset your password", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frUsernameUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frUsernameUpdated": { - "_id": "emailTemplate/frUsernameUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account username has changed

Your ForgeRock Identity Cloud username has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your username has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/idv.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "idv": { - "_id": "emailTemplate/idv", - "defaultLocale": "en", - "description": "Identity Verification Invitation", - "displayName": "idv", - "enabled": true, - "from": "", - "html": { - "en": "

Click the link below to verify your identity:

Verify my identity now

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, - "message": { - "en": "

Click the link below to verify your identity:

Verify my identity now

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, - "mimeType": "text/html", - "name": "registration", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", - "subject": { - "en": "You have been invited to verify your identity", - "fr": "Créer un nouveau compte", - }, - "templateId": "idv", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/joiner.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "joiner": { - "_id": "emailTemplate/joiner", - "advancedEditor": true, - "defaultLocale": "en", - "description": "This email will be sent onCreate of user to the external eMail address provided during creation. An OTP will also be sent to Telephone Number provided during creation to validate the user. The user will then be able to set their password and ForgeRock Push Authenticator", - "displayName": "Joiner", - "enabled": true, - "from": ""Encore HR" ", - "html": { - "en": "", - }, - "message": { - "en": " - - -
-

- -

-

Welcome to Encore {{object.givenName}} {{object.sn}}

-

Please click on the link below to validate your phone number with a One Time Code that will be sent via SMS or called to you depending on your phone type.

-

You will see your UserName and have the ability to set your password that will be used to login to Encore resources.

-

As we believe in enhanced security, you will also be setting up a Push Notification for future use.

- Click to Join Encore -
- -", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Welcome to Encore!", - }, - "templateId": "joiner", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registerPasswordlessDevice.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "registerPasswordlessDevice": { - "_id": "emailTemplate/registerPasswordlessDevice", - "defaultLocale": "en", - "description": "", - "displayName": "Register Passwordless Device", - "enabled": true, - "from": ""ForgeRock Identity Cloud" ", - "html": { - "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "message": { - "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - -a { - text-decoration: none; - color: #109cf1; -} - -.content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} -", - "subject": { - "en": "Your magic link is here - register new WebAuthN device", - }, - "templateId": "registerPasswordlessDevice", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registration.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/registration.emailTemplate.json 1`] = ` { "emailTemplate": { "registration": { @@ -252539,16 +252102,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "defaultLocale": "en", "enabled": true, "from": "", - "html": { - "en": "

This is your registration email.

Email verification link

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, "message": { - "en": "

This is your registration email.

Email verification link

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Register new account", "fr": "Créer un nouveau compte", @@ -252559,7 +252117,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/resetPassword.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/resetPassword.emailTemplate.json 1`] = ` { "emailTemplate": { "resetPassword": { @@ -252582,7 +252140,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/updatePassword.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/updatePassword.emailTemplate.json 1`] = ` { "emailTemplate": { "updatePassword": { @@ -252590,14 +252148,10 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "defaultLocale": "en", "enabled": true, "from": "", - "html": { - "en": "

Verify email to update password

Update password link

", - }, "message": { - "en": "

Verify email to update password

Update password link

", + "en": "

Verify email to update password

Update password link

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Update your password", }, @@ -252607,39 +252161,41 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/welcome.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/welcome.emailTemplate.json 1`] = ` { "emailTemplate": { "welcome": { "_id": "emailTemplate/welcome", "defaultLocale": "en", - "displayName": "Welcome", "enabled": true, "from": "", - "html": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, "message": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", + "en": "

Welcome to OpenIDM. Your username is '{{object.userName}}'.

", + "fr": "

Bienvenue sur OpenIDM. Votre nom d'utilisateur est '{{object.userName}}'.

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Your account has been created", + "fr": "Votre compte vient d’être créé !", }, - "templateId": "welcome", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/access.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/access.idm.json 1`] = ` { "idm": { "access": { "_id": "access", "configs": [ + { + "actions": "", + "methods": "read", + "pattern": "health", + "roles": "*", + }, { "actions": "*", "methods": "read", @@ -252653,17 +252209,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "roles": "*", }, { - "actions": "*", - "methods": "read", - "pattern": "config/fidc/*", + "actions": "validate", + "methods": "action", + "pattern": "util/validateQueryFilter", "roles": "*", }, - { - "actions": "*", - "methods": "*", - "pattern": "config/fidc/*", - "roles": "internal/role/openidm-admin", - }, { "actions": "*", "methods": "read", @@ -252673,25 +252223,14 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "actions": "*", "methods": "read", - "pattern": "config/ui/themerealm", - "roles": "*", - }, - { - "actions": "*", - "methods": "read", - "pattern": "config/uilocale/*", + "pattern": "config/ui/theme-*", "roles": "*", }, { "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled(['registration', 'passwordReset'])", "methods": "read", - "pattern": "config/fieldPolicy/*", - "roles": "internal/role/openidm-authorized", - }, - { - "actions": "*", - "methods": "read", - "pattern": "info/uiconfig", + "pattern": "config/selfservice/kbaConfig", "roles": "*", }, { @@ -252719,10 +252258,23 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "roles": "*", }, { - "actions": "validate", - "methods": "action", - "pattern": "util/validateQueryFilter", - "roles": "internal/role/openidm-authorized", + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/termsAndConditions", + "roles": "*", + }, + { + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/kbaUpdate", + "roles": "*", + }, + { + "actions": "", + "customAuthz": "isMyProfile()", + "methods": "read,query", + "pattern": "profile/*", + "roles": "*", }, { "actions": "*", @@ -252743,6 +252295,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "pattern": "consent", "roles": "internal/role/openidm-authorized", }, + { + "customAuthz": "checkIfApiRequest()", + "methods": "read", + "pattern": "*", + "roles": "internal/role/openidm-admin", + }, { "actions": "*", "excludePatterns": "repo,repo/*", @@ -252832,11 +252390,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "pattern": "selfservice/terms", "roles": "internal/role/platform-provisioning", }, - { - "methods": "read", - "pattern": "identityProviders", - "roles": "internal/role/platform-provisioning", - }, { "actions": "sendTemplate", "methods": "action", @@ -252861,6 +252414,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "pattern": "config/ui/*", "roles": "internal/role/openidm-authorized", }, + { + "actions": "reauthenticate", + "methods": "action", + "pattern": "authentication", + "roles": "internal/role/openidm-authorized", + }, { "actions": "bind,unbind", "customAuthz": "ownDataOnly()", @@ -252870,86 +252429,75 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, { "actions": "patch", - "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', [])", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', []) && reauthIfProtectedAttributeChange()", "methods": "update,patch,action", "pattern": "*", "roles": "internal/role/openidm-authorized", }, { - "actions": "patch", - "customAuthz": "(request.resourcePath === 'selfservice/user/' + context.security.authorization.id) && onlyEditableManagedObjectProperties('user', [])", - "methods": "patch,action", - "pattern": "selfservice/user/*", + "actions": "*", + "methods": "read", + "pattern": "endpoint/getprocessesforuser", "roles": "internal/role/openidm-authorized", }, { - "actions": "patch", - "customAuthz": "isQueryOneOf({'managed/user': ['for-userName']}) && restrictPatchToFields(['password'])", - "methods": "patch,action", - "pattern": "managed/user", - "roles": "internal/role/openidm-cert", + "actions": "*", + "methods": "query", + "pattern": "endpoint/gettasksview", + "roles": "internal/role/openidm-authorized", }, { - "actions": "*", - "customAuthz": "ownRelationshipProperty('_meta', false)", - "methods": "read", - "pattern": "internal/usermeta/*", + "actions": "complete", + "customAuthz": "isMyTask()", + "methods": "action", + "pattern": "workflow/taskinstance/*", "roles": "internal/role/openidm-authorized", }, { "actions": "*", - "customAuthz": "ownRelationshipProperty('_notifications', true)", - "methods": "read,delete", - "pattern": "internal/notification/*", + "customAuthz": "canUpdateTask()", + "methods": "read,update", + "pattern": "workflow/taskinstance/*", "roles": "internal/role/openidm-authorized", }, { "actions": "*", - "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", - "methods": "read,query", - "pattern": "managed/user/*", + "customAuthz": "isAllowedToStartProcess()", + "methods": "create", + "pattern": "workflow/processinstance", "roles": "internal/role/openidm-authorized", }, { - "actions": "", - "customAuthz": "ownDataOnly()", - "methods": "read,delete", - "pattern": "managed/alpha_user/*", + "actions": "read", + "methods": "*", + "pattern": "workflow/processdefinition/*", "roles": "internal/role/openidm-authorized", }, { - "actions": "patch", - "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('alpha_user', [])", - "methods": "update,patch,action", - "pattern": "managed/alpha_user/*", - "roles": "internal/role/openidm-authorized", + "customAuthz": "restrictPatchToFields(['password'])", + "methods": "patch", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-cert", }, { "actions": "*", - "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", - "methods": "read,query", - "pattern": "managed/alpha_user/*", + "customAuthz": "ownRelationshipProperty('_meta', false)", + "methods": "read", + "pattern": "internal/usermeta/*", "roles": "internal/role/openidm-authorized", }, { - "actions": "", - "customAuthz": "ownDataOnly()", + "actions": "*", + "customAuthz": "ownRelationshipProperty('_notifications', true)", "methods": "read,delete", - "pattern": "managed/bravo_user/*", - "roles": "internal/role/openidm-authorized", - }, - { - "actions": "patch", - "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('bravo_user', [])", - "methods": "update,patch,action", - "pattern": "managed/bravo_user/*", + "pattern": "internal/notification/*", "roles": "internal/role/openidm-authorized", }, { "actions": "*", - "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "customAuthz": "ownRelationshipCollection(['idps','_meta','_notifications'])", "methods": "read,query", - "pattern": "managed/bravo_user/*", + "pattern": "managed/user/*", "roles": "internal/role/openidm-authorized", }, { @@ -252966,2020 +252514,523 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/alphaOrgPrivileges.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/apiVersion.idm.json 1`] = ` { "idm": { - "alphaOrgPrivileges": { - "_id": "alphaOrgPrivileges", - "privileges": [ + "apiVersion": { + "_id": "apiVersion", + "warning": { + "enabled": { + "$bool": "&{openidm.apiVersion.warning.enabled|false}", + }, + "includeScripts": { + "$bool": "&{openidm.apiVersion.warning.includeScripts|false}", + }, + "logFilterResourcePaths": [ + "audit", + "authentication", + "cluster", + "config", + "consent", + "csv", + "external/rest", + "identityProviders", + "info", + "internal", + "internal/role", + "internal/user", + "internal/usermeta", + "managed", + "managed/assignment", + "managed/organization", + "managed/role", + "managed/user", + "notification", + "policy", + "privilege", + "profile", + "recon", + "recon/assoc", + "repo", + "selfservice/kba", + "selfservice/terms", + "scheduler/job", + "scheduler/trigger", + "schema", + "sync", + "sync/mappings", + "system", + "taskscanner", + ], + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/audit.idm.json 1`] = ` +{ + "idm": { + "audit": { + "_id": "audit", + "auditServiceConfig": { + "availableAuditEventHandlers": [ + "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", + "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", + "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", + "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", + ], + "caseInsensitiveFields": [ + "/access/http/request/headers", + "/access/http/response/headers", + ], + "filterPolicies": { + "field": { + "excludeIf": [], + "includeIf": [], + }, + }, + "handlerForQueries": "json", + }, + "eventHandlers": [ { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, + "class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "config": { + "buffering": { + "maxSize": 100000, + "writeInterval": "100 millis", }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, + "enabled": { + "$bool": "&{openidm.audit.handler.json.enabled|true}", }, - ], - "actions": [], - "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", - "name": "owner-view-update-delete-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], + "logDirectory": "&{idm.data.dir}/audit", + "name": "json", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], + }, }, { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, + "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.stdout.enabled|false}", }, - ], - "actions": [], - "filter": "/parent pr", - "name": "owner-create-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "CREATE", - ], + "name": "stdout", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], + }, }, { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, + "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.repo.enabled|false}", }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, + "name": "repo", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], + }, + }, + ], + "eventTopics": { + "access": { + "defaultEvents": true, + "filter": { + "script": { + "globals": {}, + "source": "//seantest", + "type": "groovy", }, + }, + "name": "access", + }, + "activity": { + "defaultEvents": true, + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], + }, + "name": "activity", + "passwordFields": [ + "password", ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "owner-view-update-delete-admins-and-members", - "path": "managed/alpha_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], + "watchedFields": [], }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, + "authentication": { + "defaultEvents": true, + "filter": { + "script": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", }, - { - "attribute": "city", - "readOnly": false, + }, + "name": "authentication", + }, + "config": { + "defaultEvents": true, + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], + }, + "name": "config", + }, + "recon": { + "defaultEvents": true, + "name": "recon", + }, + "sync": { + "defaultEvents": true, + "name": "sync", + }, + }, + "exceptionFormatter": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/authentication.idm.json 1`] = ` +{ + "idm": { + "authentication": { + "_id": "authentication", + "serverAuthContext": { + "authModules": [ + { + "enabled": true, + "name": "STATIC_USER", + "properties": { + "augmentSecurityContext": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, + "defaultUserRoles": [ + "internal/role/openidm-reg", + ], + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "fzE1J3P9LZOmuCuecCDnaQ==", + "iv": "nhI8UHymNRChGIyOC+5Sag==", + "keySize": 32, + "mac": "XfF7VE/o5Shv6AqW1Xe3TQ==", + "purpose": "idm.config.encryption", + "salt": "v0NHakffrjBJNL3zjhEOtg==", + "stableId": "openidm-sym-default", + }, + }, + }, + "queryOnResource": "internal/user", + "username": "anonymous", }, - { - "attribute": "postalCode", - "readOnly": false, + }, + { + "enabled": true, + "name": "STATIC_USER", + "properties": { + "defaultUserRoles": [ + "internal/role/openidm-authorized", + "internal/role/openidm-admin", + ], + "password": "&{openidm.admin.password}", + "queryOnResource": "internal/user", + "username": "openidm-admin", }, - { - "attribute": "country", - "readOnly": false, + }, + { + "enabled": true, + "name": "MANAGED_USER", + "properties": { + "augmentSecurityContext": { + "source": "var augmentYield = require('auth/customAuthz').setProtectedAttributes(security);require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, 'privileges', 'privilegeAssignments', augmentYield);", + "type": "text/javascript", + }, + "defaultUserRoles": [ + "internal/role/openidm-authorized", + ], + "propertyMapping": { + "additionalUserFields": [ + "adminOfOrg", + "ownerOfOrg", + ], + "authenticationId": "username", + "userCredential": "password", + "userRoles": "authzRoles", + }, + "queryId": "credential-query", + "queryOnResource": "managed/user", }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", - "name": "owner-create-admins", - "path": "managed/alpha_user", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", - "name": "admin-view-update-delete-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/parent pr", - "name": "admin-create-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "admin-view-update-delete-members", - "path": "managed/alpha_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", - "name": "admin-create-members", - "path": "managed/alpha_user", - "permissions": [ - "CREATE", - ], + }, + ], + "sessionModule": { + "name": "JWT_SESSION", + "properties": { + "enableDynamicRoles": false, + "isHttpOnly": true, + "maxTokenLifeMinutes": 120, + "sessionOnly": true, + "tokenIdleTimeMinutes": 30, + }, }, - ], + }, }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/audit.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/cluster.idm.json 1`] = ` { "idm": { - "audit": { - "_id": "audit", - "auditServiceConfig": { - "availableAuditEventHandlers": [ - "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", - "org.forgerock.audit.handlers.elasticsearch.ElasticsearchAuditEventHandler", - "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", - "org.forgerock.audit.handlers.json.JsonAuditEventHandler", - "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", - "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", - "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", - "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler", - "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", - ], - "caseInsensitiveFields": [ - "/access/http/request/headers", - "/access/http/response/headers", - ], - "filterPolicies": { - "value": { - "excludeIf": [ - "/access/http/request/cookies/&{com.iplanet.am.cookie.name}", - "/access/http/request/cookies/session-jwt", - "/access/http/request/headers/&{com.sun.identity.auth.cookieName}", - "/access/http/request/headers/&{com.iplanet.am.cookie.name}", - "/access/http/request/headers/accept-encoding", - "/access/http/request/headers/accept-language", - "/access/http/request/headers/Authorization", - "/access/http/request/headers/cache-control", - "/access/http/request/headers/connection", - "/access/http/request/headers/content-length", - "/access/http/request/headers/content-type", - "/access/http/request/headers/proxy-authorization", - "/access/http/request/headers/X-OpenAM-Password", - "/access/http/request/headers/X-OpenIDM-Password", - "/access/http/request/queryParameters/access_token", - "/access/http/request/queryParameters/IDToken1", - "/access/http/request/queryParameters/id_token_hint", - "/access/http/request/queryParameters/Login.Token1", - "/access/http/request/queryParameters/redirect_uri", - "/access/http/request/queryParameters/requester", - "/access/http/request/queryParameters/sessionUpgradeSSOTokenId", - "/access/http/request/queryParameters/tokenId", - "/access/http/response/headers/Authorization", - "/access/http/response/headers/Set-Cookie", - "/access/http/response/headers/X-OpenIDM-Password", - ], - "includeIf": [], - }, - }, - "handlerForQueries": "json", - }, - "eventHandlers": [ - { - "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", - "config": { - "name": "json", - "topics": [ - "access", - "activity", - "sync", - "authentication", - "config", - ], - }, - }, - { - "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", - "config": { - "enabled": false, - "name": "repo", - "topics": [ - "access", - "activity", - "sync", - "authentication", - "config", - ], - }, - }, - ], - "eventTopics": { - "activity": { - "filter": { - "actions": [ - "create", - "update", - "delete", - "patch", - "action", - ], - }, - "passwordFields": [ - "password", - ], - "watchedFields": [], - }, - "config": { - "filter": { - "actions": [ - "create", - "update", - "delete", - "patch", - "action", - ], - }, - }, - }, - "exceptionFormatter": { - "file": "bin/defaults/script/audit/stacktraceFormatter.js", - "type": "text/javascript", - }, + "cluster": { + "_id": "cluster", + "enabled": true, + "instanceCheckInInterval": 5000, + "instanceCheckInOffset": 0, + "instanceId": "&{openidm.node.id}", + "instanceRecoveryTimeout": 30000, + "instanceTimeout": 30000, }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/authentication.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/getavailableuserstoassign.idm.json 1`] = ` { "idm": { - "authentication": { - "_id": "authentication", - "rsFilter": { - "augmentSecurityContext": { - "source": "require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, security.authorization.component.includes('/alpha_') ? 'alphaOrgPrivileges' : 'bravoOrgPrivileges', 'privilegeAssignments');", - "type": "text/javascript", - }, - "cache": { - "maxTimeout": "300 seconds", - }, - "scopes": [ - "fr:idm:*", - ], - "staticUserMapping": [ - { - "localUser": "internal/user/idm-provisioning", - "roles": [ - "internal/role/openidm-admin", - ], - "subject": "autoid-resource-server", - }, - ], - "subjectMapping": [ - { - "additionalUserFields": [ - "adminOfOrg", - "ownerOfOrg", - ], - "defaultRoles": [ - "internal/role/openidm-authorized", - ], - "propertyMapping": { - "sub": "_id", - }, - "queryOnResource": "managed/{{substring realm 1}}_user", - "userRoles": "authzRoles/*", - }, - ], - }, + "endpoint/getavailableuserstoassign": { + "_id": "endpoint/getavailableuserstoassign", + "file": "workflow/getavailableuserstoassign.js", + "type": "text/javascript", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/bravoOrgPrivileges.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/getprocessesforuser.idm.json 1`] = ` { "idm": { - "bravoOrgPrivileges": { - "_id": "bravoOrgPrivileges", - "privileges": [ - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", - "name": "owner-view-update-delete-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], - }, + "endpoint/getprocessesforuser": { + "_id": "endpoint/getprocessesforuser", + "file": "workflow/getprocessesforuser.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/gettasksview.idm.json 1`] = ` +{ + "idm": { + "endpoint/gettasksview": { + "_id": "endpoint/gettasksview", + "file": "workflow/gettasksview.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/mappingDetails.idm.json 1`] = ` +{ + "idm": { + "endpoint/mappingDetails": { + "_id": "endpoint/mappingDetails", + "context": "endpoint/mappingDetails", + "file": "mappingDetails.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/oauthproxy.idm.json 1`] = ` +{ + "idm": { + "endpoint/oauthproxy": { + "_id": "endpoint/oauthproxy", + "context": "endpoint/oauthproxy", + "file": "oauthProxy.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/removeRepoPathFromRelationships.idm.json 1`] = ` +{ + "idm": { + "endpoint/removeRepoPathFromRelationships": { + "_id": "endpoint/removeRepoPathFromRelationships", + "file": "update/removeRepoPathFromRelationships.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/repairMetadata.idm.json 1`] = ` +{ + "idm": { + "endpoint/repairMetadata": { + "_id": "endpoint/repairMetadata", + "file": "meta/metadataScanner.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/updateInternalUserAndInternalRoleEntries.idm.json 1`] = ` +{ + "idm": { + "endpoint/updateInternalUserAndInternalRoleEntries": { + "_id": "endpoint/updateInternalUserAndInternalRoleEntries", + "file": "update/updateInternalUserAndInternalRoleEntries.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/validateQueryFilter.idm.json 1`] = ` +{ + "idm": { + "endpoint/validateQueryFilter": { + "_id": "endpoint/validateQueryFilter", + "context": "util/validateQueryFilter", + "source": "try { org.forgerock.openidm.query.StringQueryFilters.parse(request.content._queryFilter).accept(new org.forgerock.util.query.MapFilterVisitor(), null); } catch (e) { throw { 'code' : 400, 'message' : e.message } };", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/external.rest.idm.json 1`] = ` +{ + "idm": { + "external.rest": { + "_id": "external.rest", + "hostnameVerifier": "&{openidm.external.rest.hostnameVerifier}", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/internal.idm.json 1`] = ` +{ + "idm": { + "internal": { + "_id": "internal", + "objects": [ { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, + "name": "role", + "properties": { + "authzMembers": { + "items": { + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + }, }, - ], - "actions": [], - "filter": "/parent pr", - "name": "owner-create-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "CREATE", - ], + }, }, { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, + "name": "notification", + "properties": { + "target": { + "reversePropertyName": "_notifications", }, - ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "owner-view-update-delete-admins-and-members", - "path": "managed/bravo_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], + }, }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", - "name": "owner-create-admins", - "path": "managed/bravo_user", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", - "name": "admin-view-update-delete-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/parent pr", - "name": "admin-create-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "admin-view-update-delete-members", - "path": "managed/bravo_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", - "name": "admin-create-members", - "path": "managed/bravo_user", - "permissions": [ - "CREATE", - ], - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/Test.idm.json 1`] = ` -{ - "idm": { - "endpoint/Test": { - "_id": "endpoint/Test", - "description": "test", - "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", - "source": " (function () { - if (request.method === 'create') { - // POST - return {}; - } else if (request.method === 'read') { - // GET - return {}; - } else if (request.method === 'update') { - // PUT - return {}; - } else if (request.method === 'patch') { - return {}; - } else if (request.method === 'delete') { - return {}; - } - throw { code: 500, message: 'Unknown error' }; - }());", - "type": "text/javascript", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/testEndpoint2.idm.json 1`] = ` -{ - "idm": { - "endpoint/testEndpoint2": { - "_id": "endpoint/testEndpoint2", - "description": "", - "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", - "source": " (function () { - if (request.method === 'create') { - // POST - return {}; - } else if (request.method === 'read') { - // GET - return {}; - } else if (request.method === 'update') { - // PUT - return {}; - } else if (request.method === 'patch') { - return {}; - } else if (request.method === 'delete') { - return {}; - } - throw { code: 500, message: 'Unknown error' }; - }());", - "type": "text/javascript", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/entityId.idm.json 1`] = ` -{ - "idm": { - "entityId": { - "_id": "entityId", - "defaultLocale": "en", - "displayName": "Frodo Test Email Template Three", - "enabled": true, - "from": "", - "message": { - "en": "

You started a login or profile update that requires MFA.

Click to Proceed

", - }, - "mimeType": "text/html", - "subject": { - "en": "Multi-Factor Email for Identity Cloud login", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.email.idm.json 1`] = ` -{ - "idm": { - "external.email": { - "_id": "external.email", - "auth": { - "enable": true, - "password": "&{aic.customer.sasl.pass}", - "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", - }, - "connectiontimeout": 300000, - "debug": false, - "from": "&{email.sender.address}", - "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", - "port": 25, - "smtpProperties": [], - "ssl": { - "enable": false, - }, - "starttls": { - "enable": false, - }, - "threadPoolSize": 20, - "timeout": 300000, - "writetimeout": 300000, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.emailDefault.idm.json 1`] = ` -{ - "idm": { - "external.emailDefault": { - "_id": "external.emailDefault", - "auth": { - "enable": true, - "password": "&{aic.customer.sasl.pass}", - "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", - }, - "connectiontimeout": 300000, - "debug": false, - "from": "&{email.sender.address}", - "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", - "port": 25, - "smtpProperties": [], - "ssl": { - "enable": false, - }, - "starttls": { - "enable": false, - }, - "threadPoolSize": 20, - "timeout": 300000, - "writetimeout": 300000, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/alpha_user.idm.json 1`] = ` -{ - "idm": { - "fieldPolicy/alpha_user": { - "_id": "fieldPolicy/alpha_user", - "defaultPasswordStorageScheme": [ - { - "_id": "PBKDF2-HMAC-SHA256", - }, - ], - "passwordAttribute": "password", - "resourceCollection": "managed/alpha_user", - "type": "password-policy", - "validator": [ - { - "_id": "alpha_userPasswordPolicy-length-based-password-validator", - "enabled": true, - "maxPasswordLength": 0, - "minPasswordLength": 10, - "type": "length-based", - }, - { - "_id": "alpha_userPasswordPolicy-attribute-value-password-validator", - "checkSubstrings": true, - "enabled": true, - "matchAttribute": [ - "mail", - "userName", - "givenName", - "sn", - ], - "minSubstringLength": 5, - "testReversedPassword": true, - "type": "attribute-value", - }, - { - "_id": "alpha_userPasswordPolicy-character-set-password-validator", - "allowUnclassifiedCharacters": true, - "characterSet": [ - "0:abcdefghijklmnopqrstuvwxyz", - "0:ABCDEFGHIJKLMNOPQRSTUVWXYZ", - "0:0123456789", - "0:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", - ], - "enabled": true, - "minCharacterSets": 4, - "type": "character-set", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/bravo_user.idm.json 1`] = ` -{ - "idm": { - "fieldPolicy/bravo_user": { - "_id": "fieldPolicy/bravo_user", - "defaultPasswordStorageScheme": [ - { - "_id": "PBKDF2-HMAC-SHA256", - }, - ], - "passwordAttribute": "password", - "resourceCollection": "managed/bravo_user", - "type": "password-policy", - "validator": [ - { - "_id": "bravo_userPasswordPolicy-length-based-password-validator", - "enabled": true, - "maxPasswordLength": 0, - "minPasswordLength": 8, - "type": "length-based", - }, - { - "_id": "bravo_userPasswordPolicy-attribute-value-password-validator", - "checkSubstrings": true, - "enabled": true, - "matchAttribute": [ - "mail", - "userName", - "givenName", - "sn", - ], - "minSubstringLength": 5, - "testReversedPassword": true, - "type": "attribute-value", - }, - { - "_id": "bravo_userPasswordPolicy-character-set-password-validator", - "allowUnclassifiedCharacters": true, - "characterSet": [ - "1:abcdefghijklmnopqrstuvwxyz", - "1:ABCDEFGHIJKLMNOPQRSTUVWXYZ", - "1:0123456789", - "1:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", - ], - "enabled": true, - "type": "character-set", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/internal.idm.json 1`] = ` -{ - "idm": { - "internal": { - "_id": "internal", - "objects": [ - { - "name": "role", - "properties": { - "authzMembers": { - "items": { - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - }, - }, - }, - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/managed.idm.json 1`] = ` -{ - "idm": { - "managed": { - "_id": "managed", - "objects": [ + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/managed.idm.json 1`] = ` +{ + "idm": { + "managed": { + "_id": "managed", + "objects": [ { "lastSync": { "effectiveAssignmentsProperty": "effectiveAssignments", "lastSyncProperty": "lastSync", }, - "meta": { - "property": "_meta", - "resourceCollection": "managed/alpha_usermeta", - "trackedProperties": [ - "createDate", - "lastChanged", - ], + "name": "user", + "notifications": { + "property": "_notifications", + }, + "postDelete": { + "source": "require('postDelete-idp-cleanup').removeConnectedIdpData(oldObject, resourceName, request);require('postDelete-notification-cleanup').removeConnectedNotificationData(oldObject, resourceName, request);", + "type": "text/javascript", }, - "name": "alpha_user", - "notifications": {}, "schema": { "$schema": "http://json-schema.org/draft-03/schema", "icon": "fa-user", @@ -254990,10 +253041,8 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userName", "password", "givenName", - "cn", "sn", "mail", - "profileImage", "description", "accountStatus", "telephoneNumber", @@ -255004,15 +253053,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "stateProvince", "roles", "assignments", - "groups", - "applications", "manager", "authzRoles", "reports", "effectiveRoles", "effectiveAssignments", - "effectiveGroups", - "effectiveApplications", "lastSync", "kbaInfo", "preferences", @@ -255021,48 +253066,8 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "adminOfOrg", "memberOfOrg", "memberOfOrgIDs", - "ownerOfApp", - "frIndexedString1", - "frIndexedString2", - "frIndexedString3", - "frIndexedString4", - "frIndexedString5", - "frUnindexedString1", - "frUnindexedString2", - "frUnindexedString3", - "frUnindexedString4", - "frUnindexedString5", - "frIndexedMultivalued1", - "frIndexedMultivalued2", - "frIndexedMultivalued3", - "frIndexedMultivalued4", - "frIndexedMultivalued5", - "frUnindexedMultivalued1", - "frUnindexedMultivalued2", - "frUnindexedMultivalued3", - "frUnindexedMultivalued4", - "frUnindexedMultivalued5", - "frIndexedDate1", - "frIndexedDate2", - "frIndexedDate3", - "frIndexedDate4", - "frIndexedDate5", - "frUnindexedDate1", - "frUnindexedDate2", - "frUnindexedDate3", - "frUnindexedDate4", - "frUnindexedDate5", - "frIndexedInteger1", - "frIndexedInteger2", - "frIndexedInteger3", - "frIndexedInteger4", - "frIndexedInteger5", - "frUnindexedInteger1", - "frUnindexedInteger2", - "frUnindexedInteger3", - "frUnindexedInteger4", - "frUnindexedInteger5", - "assignedDashboard", + "activeDate", + "inactiveDate", ], "properties": { "_id": { @@ -255088,6 +253093,14 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "default": "active", "description": "Status", "isPersonal": false, + "policies": [ + { + "params": { + "regexp": "^(active|inactive)$", + }, + "policyId": "regexpMatches", + }, + ], "searchable": true, "title": "Status", "type": "string", @@ -255095,6 +253108,22 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": false, "viewable": true, }, + "activeDate": { + "description": "Active Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": false, + "title": "Active Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, "adminOfOrg": { "items": { "notifySelf": false, @@ -255117,7 +253146,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": true, - "path": "managed/alpha_organization", + "path": "managed/organization", "query": { "fields": [ "name", @@ -255140,100 +253169,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": false, "viewable": true, }, - "aliasList": { - "description": "List of identity aliases used primarily to record social IdP subjects for this user", - "isVirtual": false, - "items": { - "title": "User Alias Names Items", - "type": "string", - }, - "returnByDefault": false, - "searchable": false, - "title": "User Alias Names List", - "type": "array", - "userEditable": true, - "viewable": false, - }, - "applications": { - "description": "Applications", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", - "isPersonal": false, - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Groups Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Application", - "path": "managed/alpha_application", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [ - "name", - ], - }, - }, - ], - "reversePropertyName": "members", - "reverseRelationship": true, - "title": "Groups Items", - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "title": "Applications", - "type": "array", - "usageDescription": "", - "userEditable": false, - "viewable": false, - }, - "assignedDashboard": { - "description": "List of items to click on for this user", - "isVirtual": true, - "items": { - "title": "Assigned Dashboard Items", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "name", - ], - "referencedRelationshipFields": [ - [ - "roles", - "applications", - ], - [ - "applications", - ], - ], - }, - "searchable": false, - "title": "Assigned Dashboard", - "type": "array", - "userEditable": false, - "viewable": true, - }, "assignments": { "description": "Assignments", "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", @@ -255267,7 +253202,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "conditionalAssociationField": "condition", "label": "Assignment", - "path": "managed/alpha_assignment", + "path": "managed/assignment", "query": { "fields": [ "name", @@ -255341,60 +253276,65 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "city": { "description": "City", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "City", "type": "string", "usageDescription": "", "userEditable": true, "viewable": true, }, - "cn": { - "default": "{{givenName}} {{sn}}", - "description": "Common Name", - "isPersonal": true, - "scope": "private", - "searchable": false, - "title": "Common Name", - "type": "string", - "userEditable": false, - "viewable": false, - }, "consentedMappings": { "description": "Consented Mappings", "isPersonal": false, "isVirtual": false, "items": { - "items": { - "order": [ - "mapping", - "consentDate", - ], - "properties": { - "consentDate": { - "description": "Consent Date", - "searchable": true, - "title": "Consent Date", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "mapping": { - "description": "Mapping", - "searchable": true, - "title": "Mapping", - "type": "string", - "userEditable": true, - "viewable": true, - }, + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "format": "datetime", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, }, - "required": [ - "mapping", - "consentDate", - ], - "title": "Consented Mappings Item", - "type": "object", }, - "title": "Consented Mappings Items", - "type": "array", + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mapping", + "type": "object", }, "returnByDefault": false, "searchable": false, @@ -255407,6 +253347,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "country": { "description": "Country", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Country", "type": "string", "usageDescription": "", @@ -255416,39 +253370,26 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "description": { "description": "Description", "isPersonal": false, - "searchable": true, - "title": "Description", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "effectiveApplications": { - "description": "Effective Applications", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Assigned Application Items", - "type": "object", - }, - "queryConfig": { - "referencedObjectFields": [ - "name", - ], - "referencedRelationshipFields": [ - [ - "roles", - "applications", - ], - [ - "applications", - ], - ], - }, - "returnByDefault": true, - "title": "Effective Applications", - "type": "array", - "viewable": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, "effectiveAssignments": { "description": "Effective Assignments", @@ -255478,25 +253419,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "usageDescription": "", "viewable": false, }, - "effectiveGroups": { - "description": "Effective Groups", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Groups Items", - "type": "object", - }, - "queryConfig": { - "referencedRelationshipFields": [ - "groups", - ], - }, - "returnByDefault": true, - "title": "Effective Groups", - "type": "array", - "usageDescription": "", - "viewable": false, - }, "effectiveRoles": { "description": "Effective Roles", "isPersonal": false, @@ -255516,399 +253438,23 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "usageDescription": "", "viewable": false, }, - "frIndexedDate1": { - "description": "Generic Indexed Date 1", - "isPersonal": false, - "title": "Generic Indexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate2": { - "description": "Generic Indexed Date 2", - "isPersonal": false, - "title": "Generic Indexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate3": { - "description": "Generic Indexed Date 3", - "isPersonal": false, - "title": "Generic Indexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate4": { - "description": "Generic Indexed Date 4", - "isPersonal": false, - "title": "Generic Indexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate5": { - "description": "Generic Indexed Date 5", - "isPersonal": false, - "title": "Generic Indexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger1": { - "description": "Generic Indexed Integer 1", - "isPersonal": false, - "title": "Generic Indexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger2": { - "description": "Generic Indexed Integer 2", - "isPersonal": false, - "title": "Generic Indexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger3": { - "description": "Generic Indexed Integer 3", - "isPersonal": false, - "title": "Generic Indexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger4": { - "description": "Generic Indexed Integer 4", - "isPersonal": false, - "title": "Generic Indexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger5": { - "description": "Generic Indexed Integer 5", - "isPersonal": false, - "title": "Generic Indexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued1": { - "description": "Generic Indexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued2": { - "description": "Generic Indexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued3": { - "description": "Generic Indexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued4": { - "description": "Generic Indexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued5": { - "description": "Generic Indexed Multivalue 5", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 5", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString1": { - "description": "Generic Indexed String 1", - "isPersonal": false, - "title": "Generic Indexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString2": { - "description": "Generic Indexed String 2", - "isPersonal": false, - "title": "Generic Indexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString3": { - "description": "Generic Indexed String 3", - "isPersonal": false, - "title": "Generic Indexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString4": { - "description": "Generic Indexed String 4", - "isPersonal": false, - "title": "Generic Indexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString5": { - "description": "Generic Indexed String 5", - "isPersonal": false, - "title": "Generic Indexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate1": { - "description": "Generic Unindexed Date 1", - "isPersonal": false, - "title": "Generic Unindexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate2": { - "description": "Generic Unindexed Date 2", - "isPersonal": false, - "title": "Generic Unindexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate3": { - "description": "Generic Unindexed Date 3", - "isPersonal": false, - "title": "Generic Unindexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate4": { - "description": "Generic Unindexed Date 4", - "isPersonal": false, - "title": "Generic Unindexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate5": { - "description": "Generic Unindexed Date 5", - "isPersonal": false, - "title": "Generic Unindexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger1": { - "description": "Generic Unindexed Integer 1", - "isPersonal": false, - "title": "Generic Unindexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger2": { - "description": "Generic Unindexed Integer 2", - "isPersonal": false, - "title": "Generic Unindexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger3": { - "description": "Generic Unindexed Integer 3", - "isPersonal": false, - "title": "Generic Unindexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger4": { - "description": "Generic Unindexed Integer 4", - "isPersonal": false, - "title": "Generic Unindexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger5": { - "description": "Generic Unindexed Integer 5", - "isPersonal": false, - "title": "Generic Unindexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued1": { - "description": "Generic Unindexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued2": { - "description": "Generic Unindexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued3": { - "description": "Generic Unindexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued4": { - "description": "Generic Unindexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued5": { - "description": "Generic Unindexed Multivalue 5", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 5", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString1": { - "description": "Generic Unindexed String 1", - "isPersonal": false, - "title": "Generic Unindexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString2": { - "description": "Generic Unindexed String 2", - "isPersonal": false, - "title": "Generic Unindexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString3": { - "description": "Generic Unindexed String 3", - "isPersonal": false, - "title": "Generic Unindexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString4": { - "description": "Generic Unindexed String 4", - "isPersonal": false, - "title": "Generic Unindexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString5": { - "description": "Generic Unindexed String 5", - "isPersonal": false, - "title": "Generic Unindexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, "givenName": { "description": "First Name", "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "searchable": true, "title": "First Name", "type": "string", @@ -255916,58 +253462,18 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": true, "viewable": true, }, - "groups": { - "description": "Groups", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "inactiveDate": { + "description": "Inactive Date", + "format": "datetime", "isPersonal": false, - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Groups Items _refProperties", - "type": "object", - }, + "policies": [ + { + "policyId": "valid-datetime", }, - "resourceCollection": [ - { - "conditionalAssociationField": "condition", - "label": "Group", - "path": "managed/alpha_group", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "members", - "reverseRelationship": true, - "title": "Groups Items", - "type": "relationship", - "validate": true, - }, - "relationshipGrantTemporalConstraintsEnforced": false, - "returnByDefault": false, - "title": "Groups", - "type": "array", + ], + "searchable": false, + "title": "Inactive Date", + "type": "string", "usageDescription": "", "userEditable": false, "viewable": true, @@ -256023,6 +253529,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "timestamp": { "description": "Timestamp", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], "type": "string", }, }, @@ -256041,6 +253552,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "policyId": "valid-email-address-format", }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, ], "searchable": true, "title": "Email Address", @@ -256072,7 +253589,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "resourceCollection": [ { "label": "User", - "path": "managed/alpha_user", + "path": "managed/user", "query": { "fields": [ "userName", @@ -256115,7 +253632,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": false, - "path": "managed/alpha_organization", + "path": "managed/organization", "query": { "fields": [ "name", @@ -256161,49 +253678,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": false, "viewable": false, }, - "ownerOfApp": { - "items": { - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Application", - "path": "managed/alpha_application", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [ - "name", - ], - }, - }, - ], - "reversePropertyName": "owners", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Applications I Own", - "type": "array", - "userEditable": false, - "viewable": true, - }, "ownerOfOrg": { "items": { "notifySelf": false, @@ -256226,7 +253700,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": true, - "path": "managed/alpha_organization", + "path": "managed/organization", "query": { "fields": [ "name", @@ -256251,8 +253725,41 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "password": { "description": "Password", + "encryption": { + "purpose": "idm.password.encryption", + }, "isPersonal": false, "isProtected": true, + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", + }, + { + "params": { + "numCaps": 1, + }, + "policyId": "at-least-X-capitals", + }, + { + "params": { + "numNums": 1, + }, + "policyId": "at-least-X-numbers", + }, + { + "params": { + "disallowedFields": [ + "userName", + "givenName", + "sn", + ], + }, + "policyId": "cannot-contain-others", + }, + ], "scope": "private", "searchable": false, "title": "Password", @@ -256264,6 +253771,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "postalAddress": { "description": "Address 1", "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Address 1", "type": "string", "usageDescription": "", @@ -256273,6 +253794,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "postalCode": { "description": "Postal Code", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Postal Code", "type": "string", "usageDescription": "", @@ -256304,16 +253839,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": true, "viewable": true, }, - "profileImage": { - "description": "Profile Image", - "isPersonal": true, - "searchable": true, - "title": "Profile Image", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": false, - }, "reports": { "description": "Direct Reports", "isPersonal": false, @@ -256339,7 +253864,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "resourceCollection": [ { "label": "User", - "path": "managed/alpha_user", + "path": "managed/user", "query": { "fields": [ "userName", @@ -256396,7 +253921,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "conditionalAssociationField": "condition", "label": "Role", - "path": "managed/alpha_role", + "path": "managed/role", "query": { "fields": [ "name", @@ -256422,6 +253947,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "sn": { "description": "Last Name", "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "searchable": true, "title": "Last Name", "type": "string", @@ -256432,6 +253971,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "stateProvince": { "description": "State/Province", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "State/Province", "type": "string", "usageDescription": "", @@ -256442,6 +253995,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "description": "Telephone Number", "isPersonal": true, "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Telephone Number", "type": "string", "usageDescription": "", @@ -256451,7 +254018,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userName": { "description": "Username", "isPersonal": true, - "minLength": 1, "policies": [ { "policyId": "valid-username", @@ -256491,206 +254057,44 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "sn", "mail", ], - "title": "Alpha realm - User", + "title": "User", "type": "object", "viewable": true, }, }, { - "lastSync": { - "effectiveAssignmentsProperty": "effectiveAssignments", - "lastSyncProperty": "lastSync", - }, - "meta": { - "property": "_meta", - "resourceCollection": "managed/bravo_usermeta", - "trackedProperties": [ - "createDate", - "lastChanged", - ], + "name": "role", + "onCreate": { + "globals": {}, + "source": "//asdfasdfadsfasdf", + "type": "text/javascript", }, - "name": "bravo_user", - "notifications": {}, "schema": { - "$schema": "http://json-schema.org/draft-03/schema", - "icon": "fa-user", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", - "mat-icon": "people", + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-check-square", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", "order": [ "_id", - "userName", - "password", - "givenName", - "cn", - "sn", - "mail", - "profileImage", + "name", "description", - "accountStatus", - "telephoneNumber", - "postalAddress", - "city", - "postalCode", - "country", - "stateProvince", - "roles", + "members", "assignments", - "groups", - "applications", - "manager", - "authzRoles", - "reports", - "effectiveRoles", - "effectiveAssignments", - "effectiveGroups", - "effectiveApplications", - "lastSync", - "kbaInfo", - "preferences", - "consentedMappings", - "ownerOfOrg", - "adminOfOrg", - "memberOfOrg", - "memberOfOrgIDs", - "ownerOfApp", - "frIndexedString1", - "frIndexedString2", - "frIndexedString3", - "frIndexedString4", - "frIndexedString5", - "frUnindexedString1", - "frUnindexedString2", - "frUnindexedString3", - "frUnindexedString4", - "frUnindexedString5", - "frIndexedMultivalued1", - "frIndexedMultivalued2", - "frIndexedMultivalued3", - "frIndexedMultivalued4", - "frIndexedMultivalued5", - "frUnindexedMultivalued1", - "frUnindexedMultivalued2", - "frUnindexedMultivalued3", - "frUnindexedMultivalued4", - "frUnindexedMultivalued5", - "frIndexedDate1", - "frIndexedDate2", - "frIndexedDate3", - "frIndexedDate4", - "frIndexedDate5", - "frUnindexedDate1", - "frUnindexedDate2", - "frUnindexedDate3", - "frUnindexedDate4", - "frUnindexedDate5", - "frIndexedInteger1", - "frIndexedInteger2", - "frIndexedInteger3", - "frIndexedInteger4", - "frIndexedInteger5", - "frUnindexedInteger1", - "frUnindexedInteger2", - "frUnindexedInteger3", - "frUnindexedInteger4", - "frUnindexedInteger5", - "assignedDashboard", + "condition", + "temporalConstraints", ], "properties": { "_id": { - "description": "User ID", - "isPersonal": false, - "policies": [ - { - "params": { - "forbiddenChars": [ - "/", - ], - }, - "policyId": "cannot-contain-characters", - }, - ], + "description": "Role ID", "searchable": false, + "title": "Name", "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": false, - }, - "accountStatus": { - "default": "active", - "description": "Status", - "isPersonal": false, - "searchable": true, - "title": "Status", - "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": true, - }, - "adminOfOrg": { - "items": { - "notifySelf": false, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": true, - "path": "managed/bravo_organization", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "admins", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Organizations I Administer", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "aliasList": { - "description": "List of identity aliases used primarily to record social IdP subjects for this user", - "isVirtual": false, - "items": { - "title": "User Alias Names Items", - "type": "string", - }, - "returnByDefault": false, - "searchable": false, - "title": "User Alias Names List", - "type": "array", - "userEditable": true, "viewable": false, }, - "applications": { - "description": "Applications", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", - "isPersonal": false, + "assignments": { + "description": "Managed Assignments", "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", "notifySelf": true, "properties": { "_ref": { @@ -256705,73 +254109,55 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "type": "string", }, }, - "title": "Groups Items _refProperties", + "title": "Managed Assignments Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "label": "Application", - "path": "managed/bravo_application", + "label": "Assignment", + "path": "managed/assignment", "query": { "fields": [ "name", ], "queryFilter": "true", - "sortKeys": [ - "name", - ], }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "roles", "reverseRelationship": true, - "title": "Groups Items", + "title": "Managed Assignments Items", "type": "relationship", "validate": true, }, + "notifyRelationships": [ + "members", + ], "returnByDefault": false, - "title": "Applications", + "title": "Managed Assignments", "type": "array", - "usageDescription": "", - "userEditable": false, - "viewable": false, + "viewable": true, }, - "assignedDashboard": { - "description": "List of items to click on for this user", - "isVirtual": true, - "items": { - "title": "Assigned Dashboard Items", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "name", - ], - "referencedRelationshipFields": [ - [ - "roles", - "applications", - ], - [ - "applications", - ], - ], - }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, "searchable": false, - "title": "Assigned Dashboard", - "type": "array", - "userEditable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", "viewable": true, }, - "assignments": { - "description": "Assignments", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", - "isPersonal": false, + "members": { + "description": "Role Members", "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", - "notifySelf": true, + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", "properties": { "_ref": { "description": "References a relationship from a managed object", @@ -256790,670 +254176,194 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "type": "string", }, }, - "title": "Provisioning Roles Items _refProperties", + "title": "Role Members Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "conditionalAssociationField": "condition", - "label": "Assignment", - "path": "managed/bravo_assignment", + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "roles", "reverseRelationship": true, - "title": "Assignments Items", + "title": "Role Members Items", "type": "relationship", "validate": true, }, + "relationshipGrantTemporalConstraintsEnforced": true, "returnByDefault": false, - "title": "Assignments", + "title": "Role Members", "type": "array", - "usageDescription": "", - "userEditable": false, "viewable": true, }, - "authzRoles": { - "description": "Authorization Roles", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", - "isPersonal": false, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "order": [ + "duration", + ], "properties": { - "_ref": { - "description": "References a relationship from a managed object", + "duration": { + "description": "Duration", "type": "string", }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Authorization Roles Items _refProperties", - "type": "object", - }, }, - "resourceCollection": [ - { - "conditionalAssociationField": "condition", - "label": "Internal Role", - "path": "internal/role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, + "required": [ + "duration", ], - "reversePropertyName": "authzMembers", - "reverseRelationship": true, - "title": "Authorization Roles Items", - "type": "relationship", - "validate": true, + "title": "Temporal Constraints Items", + "type": "object", }, - "returnByDefault": false, - "title": "Authorization Roles", + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", "type": "array", - "usageDescription": "", - "userEditable": false, - "viewable": true, - }, - "city": { - "description": "City", - "isPersonal": false, - "title": "City", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, + "viewable": false, }, - "cn": { - "default": "{{givenName}} {{sn}}", - "description": "Common Name", - "isPersonal": true, - "scope": "private", + }, + "required": [ + "name", + ], + "title": "Role", + "type": "object", + }, + }, + { + "attributeEncryption": {}, + "name": "assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", "searchable": false, - "title": "Common Name", + "title": "Name", "type": "string", - "userEditable": false, "viewable": false, }, - "consentedMappings": { - "description": "Consented Mappings", - "isPersonal": false, - "isVirtual": false, + "attributes": { + "description": "The attributes operated on by this assignment.", "items": { - "items": { - "order": [ - "mapping", - "consentDate", - ], - "properties": { - "consentDate": { - "description": "Consent Date", - "searchable": true, - "title": "Consent Date", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "mapping": { - "description": "Mapping", - "searchable": true, - "title": "Mapping", - "type": "string", - "userEditable": true, - "viewable": true, - }, + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", }, - "required": [ - "mapping", - "consentDate", - ], - "title": "Consented Mappings Item", - "type": "object", }, - "title": "Consented Mappings Items", - "type": "array", + "required": [], + "title": "Assignment Attributes Items", + "type": "object", }, - "returnByDefault": false, - "searchable": false, - "title": "Consented Mappings", + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": false, + "viewable": true, }, - "country": { - "description": "Country", - "isPersonal": false, - "title": "Country", + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, + "viewable": false, }, "description": { - "description": "Description", - "isPersonal": false, + "description": "The assignment description, used for display purposes.", "searchable": true, "title": "Description", "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "effectiveApplications": { - "description": "Effective Applications", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Assigned Application Items", - "type": "object", - }, - "queryConfig": { - "referencedObjectFields": [ - "name", - ], - "referencedRelationshipFields": [ - [ - "roles", - "applications", - ], - [ - "applications", - ], - ], - }, - "returnByDefault": true, - "title": "Effective Applications", - "type": "array", - "viewable": false, - }, - "effectiveAssignments": { - "description": "Effective Assignments", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Assignments Items", - "type": "object", - }, - "queryConfig": { - "referencedObjectFields": [ - "*", - ], - "referencedRelationshipFields": [ - [ - "roles", - "assignments", - ], - [ - "assignments", - ], - ], - }, - "returnByDefault": true, - "title": "Effective Assignments", - "type": "array", - "usageDescription": "", - "viewable": false, - }, - "effectiveGroups": { - "description": "Effective Groups", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Groups Items", - "type": "object", - }, - "queryConfig": { - "referencedRelationshipFields": [ - "groups", - ], - }, - "returnByDefault": true, - "title": "Effective Groups", - "type": "array", - "usageDescription": "", - "viewable": false, - }, - "effectiveRoles": { - "description": "Effective Roles", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Roles Items", - "type": "object", - }, - "queryConfig": { - "referencedRelationshipFields": [ - "roles", - ], - }, - "returnByDefault": true, - "title": "Effective Roles", - "type": "array", - "usageDescription": "", - "viewable": false, - }, - "frIndexedDate1": { - "description": "Generic Indexed Date 1", - "isPersonal": false, - "title": "Generic Indexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate2": { - "description": "Generic Indexed Date 2", - "isPersonal": false, - "title": "Generic Indexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate3": { - "description": "Generic Indexed Date 3", - "isPersonal": false, - "title": "Generic Indexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate4": { - "description": "Generic Indexed Date 4", - "isPersonal": false, - "title": "Generic Indexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate5": { - "description": "Generic Indexed Date 5", - "isPersonal": false, - "title": "Generic Indexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger1": { - "description": "Generic Indexed Integer 1", - "isPersonal": false, - "title": "Generic Indexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger2": { - "description": "Generic Indexed Integer 2", - "isPersonal": false, - "title": "Generic Indexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger3": { - "description": "Generic Indexed Integer 3", - "isPersonal": false, - "title": "Generic Indexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger4": { - "description": "Generic Indexed Integer 4", - "isPersonal": false, - "title": "Generic Indexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger5": { - "description": "Generic Indexed Integer 5", - "isPersonal": false, - "title": "Generic Indexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued1": { - "description": "Generic Indexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued2": { - "description": "Generic Indexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued3": { - "description": "Generic Indexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued4": { - "description": "Generic Indexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued5": { - "description": "Generic Indexed Multivalue 5", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 5", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString1": { - "description": "Generic Indexed String 1", - "isPersonal": false, - "title": "Generic Indexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString2": { - "description": "Generic Indexed String 2", - "isPersonal": false, - "title": "Generic Indexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString3": { - "description": "Generic Indexed String 3", - "isPersonal": false, - "title": "Generic Indexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString4": { - "description": "Generic Indexed String 4", - "isPersonal": false, - "title": "Generic Indexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString5": { - "description": "Generic Indexed String 5", - "isPersonal": false, - "title": "Generic Indexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate1": { - "description": "Generic Unindexed Date 1", - "isPersonal": false, - "title": "Generic Unindexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate2": { - "description": "Generic Unindexed Date 2", - "isPersonal": false, - "title": "Generic Unindexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate3": { - "description": "Generic Unindexed Date 3", - "isPersonal": false, - "title": "Generic Unindexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate4": { - "description": "Generic Unindexed Date 4", - "isPersonal": false, - "title": "Generic Unindexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate5": { - "description": "Generic Unindexed Date 5", - "isPersonal": false, - "title": "Generic Unindexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger1": { - "description": "Generic Unindexed Integer 1", - "isPersonal": false, - "title": "Generic Unindexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger2": { - "description": "Generic Unindexed Integer 2", - "isPersonal": false, - "title": "Generic Unindexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger3": { - "description": "Generic Unindexed Integer 3", - "isPersonal": false, - "title": "Generic Unindexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger4": { - "description": "Generic Unindexed Integer 4", - "isPersonal": false, - "title": "Generic Unindexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger5": { - "description": "Generic Unindexed Integer 5", - "isPersonal": false, - "title": "Generic Unindexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued1": { - "description": "Generic Unindexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued2": { - "description": "Generic Unindexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued3": { - "description": "Generic Unindexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued4": { - "description": "Generic Unindexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, "viewable": true, }, - "frUnindexedMultivalued5": { - "description": "Generic Unindexed Multivalue 5", - "isPersonal": false, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", "items": { + "title": "Link Qualifiers Items", "type": "string", }, - "title": "Generic Unindexed Multivalue 5", + "title": "Link Qualifiers", "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString1": { - "description": "Generic Unindexed String 1", - "isPersonal": false, - "title": "Generic Unindexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString2": { - "description": "Generic Unindexed String 2", - "isPersonal": false, - "title": "Generic Unindexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString3": { - "description": "Generic Unindexed String 3", - "isPersonal": false, - "title": "Generic Unindexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString4": { - "description": "Generic Unindexed String 4", - "isPersonal": false, - "title": "Generic Unindexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString5": { - "description": "Generic Unindexed String 5", - "isPersonal": false, - "title": "Generic Unindexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, "viewable": true, }, - "givenName": { - "description": "First Name", - "isPersonal": true, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], "searchable": true, - "title": "First Name", + "title": "Mapping", "type": "string", - "usageDescription": "", - "userEditable": true, "viewable": true, }, - "groups": { - "description": "Groups", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", - "isPersonal": false, + "members": { + "description": "Assignment Members", "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", - "notifySelf": true, + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", "properties": { "_ref": { "description": "References a relationship from a managed object", @@ -257472,228 +254382,171 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "type": "string", }, }, - "title": "Groups Items _refProperties", + "title": "Assignment Members Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "conditionalAssociationField": "condition", - "label": "Group", - "path": "managed/bravo_group", + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "assignments", "reverseRelationship": true, - "title": "Groups Items", + "title": "Assignment Members Items", "type": "relationship", "validate": true, }, - "relationshipGrantTemporalConstraintsEnforced": false, "returnByDefault": false, - "title": "Groups", + "title": "Assignment Members", "type": "array", - "usageDescription": "", - "userEditable": false, "viewable": true, }, - "kbaInfo": { - "description": "KBA Info", - "isPersonal": true, - "items": { - "order": [ - "answer", - "customQuestion", - "questionId", - ], - "properties": { - "answer": { - "description": "Answer", - "type": "string", - }, - "customQuestion": { - "description": "Custom question", - "type": "string", - }, - "questionId": { - "description": "Question ID", - "type": "string", - }, - }, - "required": [], - "title": "KBA Info Items", - "type": "object", - }, - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": false, - }, - "lastSync": { - "description": "Last Sync timestamp", - "isPersonal": false, - "order": [ - "effectiveAssignments", - "timestamp", - ], - "properties": { - "effectiveAssignments": { - "description": "Effective Assignments", - "items": { - "title": "Effective Assignments Items", - "type": "object", - }, - "title": "Effective Assignments", - "type": "array", - }, - "timestamp": { - "description": "Timestamp", - "type": "string", - }, - }, - "required": [], - "scope": "private", - "searchable": false, - "title": "Last Sync timestamp", - "type": "object", - "usageDescription": "", - "viewable": false, - }, - "mail": { - "description": "Email Address", - "isPersonal": true, - "policies": [ - { - "policyId": "valid-email-address-format", - }, - ], + "name": { + "description": "The assignment name, used for display purposes.", "searchable": true, - "title": "Email Address", + "title": "Name", "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "manager": { - "description": "Manager", - "isPersonal": false, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Manager _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "reports", - "reverseRelationship": true, - "searchable": false, - "title": "Manager", - "type": "relationship", - "usageDescription": "", - "userEditable": false, - "validate": true, "viewable": true, }, - "memberOfOrg": { + "roles": { + "description": "Managed Roles", "items": { - "notifySelf": true, + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", "properties": { "_ref": { + "description": "References a relationship from a managed object", "type": "string", }, "_refProperties": { + "description": "Supports metadata within the relationship", "properties": { "_id": { - "propName": "_id", - "required": false, + "description": "_refProperties object ID", "type": "string", }, }, + "title": "Managed Roles Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "label": "Organization", - "notify": false, - "path": "managed/bravo_organization", + "label": "Role", + "notify": true, + "path": "managed/role", "query": { "fields": [ "name", ], "queryFilter": "true", - "sortKeys": [], }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "assignments", "reverseRelationship": true, + "title": "Managed Roles Items", "type": "relationship", "validate": true, }, - "policies": [], "returnByDefault": false, - "searchable": false, - "title": "Organizations to which I Belong", + "title": "Managed Roles", "type": "array", "userEditable": false, "viewable": true, }, - "memberOfOrgIDs": { + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Assignment", + "type": "object", + }, + }, + { + "name": "organization", + "onCreate": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, + "onRead": { + "globals": {}, + "source": "//seantest", + "type": "groovy", + }, + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { "isVirtual": true, "items": { - "title": "org identifiers", + "title": "admin ids", "type": "string", }, "queryConfig": { "flattenProperties": true, "referencedObjectFields": [ "_id", - "parentIDs", ], "referencedRelationshipFields": [ - "memberOfOrg", + "admins", ], }, "returnByDefault": true, "searchable": false, - "title": "MemberOfOrgIDs", + "title": "Admin user ids", "type": "array", "userEditable": false, "viewable": false, }, - "ownerOfApp": { + "admins": { "items": { + "notifySelf": true, "properties": { "_ref": { "type": "string", @@ -257701,7 +254554,8 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "_refProperties": { "properties": { "_id": { - "description": "_refProperties object ID", + "propName": "_id", + "required": false, "type": "string", }, }, @@ -257710,34 +254564,39 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "resourceCollection": [ { - "label": "Application", - "path": "managed/bravo_application", + "label": "User", + "notify": false, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", - "sortKeys": [ - "name", - ], + "sortKeys": [], }, }, ], - "reversePropertyName": "owners", + "reversePropertyName": "adminOfOrg", "reverseRelationship": true, "type": "relationship", "validate": true, }, + "notifyRelationships": [ + "children", + ], "returnByDefault": false, "searchable": false, - "title": "Applications I Own", + "title": "Administrators", "type": "array", "userEditable": false, "viewable": true, }, - "ownerOfOrg": { + "children": { + "description": "Child Organizations", "items": { - "notifySelf": false, + "notifySelf": true, "properties": { "_ref": { "type": "string", @@ -257757,17 +254616,18 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": true, - "path": "managed/bravo_organization", + "path": "managed/organization", "query": { "fields": [ "name", + "description", ], "queryFilter": "true", "sortKeys": [], }, }, ], - "reversePropertyName": "owners", + "reversePropertyName": "parent", "reverseRelationship": true, "type": "relationship", "validate": true, @@ -257775,102 +254635,41 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "policies": [], "returnByDefault": false, "searchable": false, - "title": "Organizations I Own", + "title": "Child Organizations", "type": "array", "userEditable": false, - "viewable": true, - }, - "password": { - "description": "Password", - "isPersonal": false, - "isProtected": true, - "scope": "private", - "searchable": false, - "title": "Password", - "type": "string", - "usageDescription": "", - "userEditable": true, "viewable": false, }, - "postalAddress": { - "description": "Address 1", - "isPersonal": true, - "title": "Address 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "postalCode": { - "description": "Postal Code", - "isPersonal": false, - "title": "Postal Code", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "preferences": { - "description": "Preferences", - "isPersonal": false, - "order": [ - "updates", - "marketing", - ], - "properties": { - "marketing": { - "description": "Send me special offers and services", - "type": "boolean", - }, - "updates": { - "description": "Send me news and updates", - "type": "boolean", - }, - }, - "required": [], - "searchable": false, - "title": "Preferences", - "type": "object", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "profileImage": { - "description": "Profile Image", - "isPersonal": true, + "description": { "searchable": true, - "title": "Profile Image", + "title": "Description", "type": "string", - "usageDescription": "", "userEditable": true, - "viewable": false, + "viewable": true, }, - "reports": { - "description": "Direct Reports", - "isPersonal": false, + "members": { "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "notifySelf": false, "properties": { "_ref": { - "description": "References a relationship from a managed object", "type": "string", }, "_refProperties": { - "description": "Supports metadata within the relationship", "properties": { "_id": { - "description": "_refProperties object ID", + "propName": "_id", + "required": false, "type": "string", }, }, - "title": "Direct Reports Items _refProperties", "type": "object", }, }, "resourceCollection": [ { "label": "User", - "path": "managed/bravo_user", + "notify": true, + "path": "managed/user", "query": { "fields": [ "userName", @@ -257878,2808 +254677,2541 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "sn", ], "queryFilter": "true", + "sortKeys": [], }, }, ], - "reversePropertyName": "manager", + "reversePropertyName": "memberOfOrg", "reverseRelationship": true, - "title": "Direct Reports Items", "type": "relationship", "validate": true, }, "returnByDefault": false, - "title": "Direct Reports", + "searchable": false, + "title": "Members", "type": "array", - "usageDescription": "", "userEditable": false, "viewable": true, }, - "roles": { - "description": "Provisioning Roles", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", - "isPersonal": false, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Provisioning Roles Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociationField": "condition", - "label": "Role", - "path": "managed/bravo_role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", ], - "reversePropertyName": "members", - "reverseRelationship": true, - "title": "Provisioning Roles Items", - "type": "relationship", - "validate": true, }, - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Provisioning Roles", + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", "type": "array", - "usageDescription": "", "userEditable": false, - "viewable": true, - }, - "sn": { - "description": "Last Name", - "isPersonal": true, - "searchable": true, - "title": "Last Name", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "stateProvince": { - "description": "State/Province", - "isPersonal": false, - "title": "State/Province", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "telephoneNumber": { - "description": "Telephone Number", - "isPersonal": true, - "pattern": "^\\+?([0-9\\- \\(\\)])*$", - "title": "Telephone Number", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "userName": { - "description": "Username", - "isPersonal": true, - "minLength": 1, - "policies": [ - { - "policyId": "valid-username", - }, - { - "params": { - "forbiddenChars": [ - "/", - ], - }, - "policyId": "cannot-contain-characters", - }, - { - "params": { - "minLength": 1, - }, - "policyId": "minimum-length", - }, - { - "params": { - "maxLength": 255, - }, - "policyId": "maximum-length", - }, - ], - "searchable": true, - "title": "Username", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - }, - "required": [ - "userName", - "givenName", - "sn", - "mail", - ], - "title": "Bravo realm - User", - "type": "object", - "viewable": true, - }, - }, - { - "name": "alpha_role", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "", - "icon": "fa-check-square-o", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", - "mat-icon": "assignment_ind", - "order": [ - "_id", - "name", - "description", - "members", - "assignments", - "applications", - "condition", - "temporalConstraints", - ], - "properties": { - "_id": { - "description": "Role ID", - "searchable": false, - "title": "Name", - "type": "string", "viewable": false, }, - "applications": { - "description": "Role Applications", + "owners": { "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", "notifySelf": true, "properties": { "_ref": { - "description": "References a relationship from a managed object", "type": "string", }, "_refProperties": { - "description": "Supports metadata within the relationship", "properties": { "_id": { - "description": "_refProperties object ID", + "propName": "_id", + "required": false, "type": "string", }, }, - "title": "Role Application Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "label": "Application", - "path": "managed/alpha_application", + "label": "User", + "notify": false, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", + "sortKeys": [], }, }, ], - "reversePropertyName": "roles", + "reversePropertyName": "ownerOfOrg", "reverseRelationship": true, - "title": "Role Application Items", "type": "relationship", "validate": true, }, "notifyRelationships": [ - "members", + "children", ], - "relationshipGrantTemporalConstraintsEnforced": true, "returnByDefault": false, - "title": "Applications", + "searchable": false, + "title": "Owner", "type": "array", - "viewable": false, + "userEditable": false, + "viewable": true, }, - "assignments": { - "description": "Managed Assignments", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Managed Assignments Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Assignment", - "path": "managed/alpha_assignment", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Managed Assignments Items", - "type": "relationship", - "validate": true, - }, + "parent": { + "description": "Parent Organization", "notifyRelationships": [ + "children", "members", ], - "returnByDefault": false, - "title": "Managed Assignments", - "type": "array", - "viewable": true, - }, - "condition": { - "description": "A conditional filter for this role", - "isConditional": true, - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, - }, - "description": { - "description": "The role description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "members": { - "description": "Role Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Role Members Items _refProperties", - "type": "object", - }, + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", }, }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Role Members Items", - "type": "relationship", - "validate": true, + "type": "object", + }, }, - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Role Members", - "type": "array", - "viewable": true, - }, - "name": { - "description": "The role name, used for display purposes.", - "policies": [ + "resourceCollection": [ { - "policyId": "unique", + "label": "Organization", + "notify": false, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, }, ], - "searchable": true, - "title": "Name", - "type": "string", + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, "viewable": true, }, - "temporalConstraints": { - "description": "An array of temporal constraints for a role", - "isTemporalConstraint": true, + "parentAdminIDs": { + "isVirtual": true, "items": { - "order": [ - "duration", + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", ], - "properties": { - "duration": { - "description": "Duration", - "type": "string", - }, - }, - "required": [ - "duration", + "referencedRelationshipFields": [ + "parent", ], - "title": "Temporal Constraints Items", - "type": "object", }, - "notifyRelationships": [ - "members", - ], "returnByDefault": true, - "title": "Temporal Constraints", - "type": "array", - "viewable": false, - }, - }, - "required": [ - "name", - ], - "title": "Alpha realm - Role", - "type": "object", - }, - }, - { - "name": "bravo_role", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "", - "icon": "fa-check-square-o", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", - "mat-icon": "assignment_ind", - "order": [ - "_id", - "name", - "description", - "members", - "assignments", - "applications", - "condition", - "temporalConstraints", - ], - "properties": { - "_id": { - "description": "Role ID", "searchable": false, - "title": "Name", - "type": "string", - "viewable": false, - }, - "applications": { - "description": "Role Applications", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Role Application Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Application", - "path": "managed/bravo_application", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Role Application Items", - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "members", - ], - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Applications", + "title": "user ids of parent admins", "type": "array", + "userEditable": false, "viewable": false, }, - "assignments": { - "description": "Managed Assignments", + "parentIDs": { + "isVirtual": true, "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Managed Assignments Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Assignment", - "path": "managed/bravo_assignment", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Managed Assignments Items", - "type": "relationship", - "validate": true, }, - "notifyRelationships": [ - "members", - ], - "returnByDefault": false, - "title": "Managed Assignments", - "type": "array", - "viewable": true, - }, - "condition": { - "description": "A conditional filter for this role", - "isConditional": true, + "returnByDefault": true, "searchable": false, - "title": "Condition", - "type": "string", + "title": "parent org ids", + "type": "array", + "userEditable": false, "viewable": false, }, - "description": { - "description": "The role description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "members": { - "description": "Role Members", + "parentOwnerIDs": { + "isVirtual": true, "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Role Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Role Members Items", - "type": "relationship", - "validate": true, + "title": "user ids of parent owners", + "type": "string", }, - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Role Members", - "type": "array", - "viewable": true, - }, - "name": { - "description": "The role name, used for display purposes.", - "policies": [ - { - "policyId": "unique", - }, - ], - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, - }, - "temporalConstraints": { - "description": "An array of temporal constraints for a role", - "isTemporalConstraint": true, - "items": { - "order": [ - "duration", + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", ], - "properties": { - "duration": { - "description": "Duration", - "type": "string", - }, - }, - "required": [ - "duration", + "referencedRelationshipFields": [ + "parent", ], - "title": "Temporal Constraints Items", - "type": "object", }, - "notifyRelationships": [ - "members", - ], "returnByDefault": true, - "title": "Temporal Constraints", + "searchable": false, + "title": "user ids of parent owners", "type": "array", + "userEditable": false, "viewable": false, }, }, "required": [ "name", ], - "title": "Bravo realm - Role", + "title": "Organization", "type": "object", }, }, { - "attributeEncryption": {}, - "name": "alpha_assignment", + "name": "seantestmanagedobject", "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "A role assignment", - "icon": "fa-key", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", - "mat-icon": "vpn_key", - "order": [ - "_id", - "name", - "description", - "type", - "mapping", - "attributes", - "linkQualifiers", - "roles", - "members", - "condition", - "weight", - ], - "properties": { - "_id": { - "description": "The assignment ID", - "searchable": false, - "title": "Name", - "type": "string", - "viewable": false, - }, - "attributes": { - "description": "The attributes operated on by this assignment.", - "items": { - "order": [ - "assignmentOperation", - "unassignmentOperation", - "name", - "value", - ], - "properties": { - "assignmentOperation": { - "description": "Assignment operation", - "type": "string", - }, - "name": { - "description": "Name", - "type": "string", - }, - "unassignmentOperation": { - "description": "Unassignment operation", - "type": "string", - }, - "value": { - "description": "Value", - "type": "string", - }, + "description": null, + "icon": "fa-database", + "mat-icon": null, + "title": null, + }, + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/metrics.idm.json 1`] = ` +{ + "idm": { + "metrics": { + "_id": "metrics", + "enabled": false, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/notification/passwordUpdate.idm.json 1`] = ` +{ + "idm": { + "notification/passwordUpdate": { + "_id": "notification/passwordUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "password", + ], + }, + "type": "groovy", + }, + "enabled": { + "$bool": "&{openidm.notifications.passwordUpdate|false}", + }, + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your password has been updated.", + "notificationType": "info", + }, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/notification/profileUpdate.idm.json 1`] = ` +{ + "idm": { + "notification/profileUpdate": { + "_id": "notification/profileUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "userName", + "givenName", + "sn", + "mail", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "preferences", + ], + }, + "type": "groovy", + }, + "enabled": { + "$bool": "&{openidm.notifications.profileUpdate|false}", + }, + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your profile has been updated.", + "notificationType": "info", + }, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/notificationFactory.idm.json 1`] = ` +{ + "idm": { + "notificationFactory": { + "_id": "notificationFactory", + "enabled": { + "$bool": "&{openidm.notifications|false}", + }, + "threadPool": { + "maxPoolThreads": 2, + "maxQueueSize": 20000, + "steadyPoolThreads": 1, + "threadKeepAlive": 60, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/policy.idm.json 1`] = ` +{ + "idm": { + "policy": { + "_id": "policy", + "additionalFiles": [], + "file": "policy.js", + "resources": [ + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getRegistrationProperties()", + "type": "text/javascript", + }, + "resource": "selfservice/registration", + }, + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getResetProperties()", + "type": "text/javascript", + }, + "resource": "selfservice/reset", + }, + { + "properties": [ + { + "name": "_id", + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], }, - "required": [], - "title": "Assignment Attributes Items", - "type": "object", + "policyId": "cannot-contain-characters", }, - "notifyRelationships": [ - "roles", - "members", - ], - "title": "Assignment Attributes", - "type": "array", - "viewable": true, - }, - "condition": { - "description": "A conditional filter for this assignment", - "isConditional": true, - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, - }, - "description": { - "description": "The assignment description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "linkQualifiers": { - "description": "Conditional link qualifiers to restrict this assignment to.", - "items": { - "title": "Link Qualifiers Items", - "type": "string", + ], + }, + { + "name": "password", + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", }, - "title": "Link Qualifiers", - "type": "array", - "viewable": true, - }, - "mapping": { - "description": "The name of the mapping this assignment applies to", - "policies": [ - { - "policyId": "mapping-exists", + ], + }, + ], + "resource": "internal/user/*", + }, + { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], }, - ], - "searchable": true, - "title": "Mapping", - "type": "string", - "viewable": true, - }, - "members": { - "description": "Assignment Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Assignment Members Items _refProperties", - "type": "object", - }, + "policyId": "cannot-contain-characters", + }, + ], + }, + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", + }, + ], + }, + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + }, + { + "name": "privileges", + "policies": [ + { + "params": { + "types": [ + "array", + ], }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", + "policyId": "valid-type", + }, + { + "params": { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "string", + ], + }, + "policyId": "valid-type", + }, ], - "queryFilter": "true", }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Assignment Members Items", - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "title": "Assignment Members", - "type": "array", - "viewable": true, - }, - "name": { - "description": "The assignment name, used for display purposes.", - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, - }, - "roles": { - "description": "Managed Roles", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, + { + "name": "path", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "policyId": "valid-privilege-path", + }, + ], }, - "title": "Managed Roles Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/alpha_role", - "query": { - "fields": [ - "name", + { + "name": "accessFlags", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-accessFlags-object", + }, ], - "queryFilter": "true", }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Managed Roles Items", - "type": "relationship", - "validate": true, + { + "name": "actions", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + ], + }, + { + "name": "permissions", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-permissions", + }, + ], + }, + { + "name": "filter", + "policies": [ + { + "params": { + "types": [ + "string", + "null", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-query-filter", + }, + ], + }, + ], + }, + "policyId": "valid-array-items", }, - "returnByDefault": false, - "title": "Managed Roles", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "type": { - "description": "The type of object this assignment represents", - "title": "Type", - "type": "string", - "viewable": true, - }, - "weight": { - "description": "The weight of the assignment.", - "notifyRelationships": [ - "roles", - "members", - ], - "searchable": false, - "title": "Weight", - "type": [ - "number", - "null", - ], - "viewable": true, - }, + ], }, - "required": [ - "name", - "description", - "mapping", - ], - "title": "Alpha realm - Assignment", - "type": "object", - }, + ], + "resource": "internal/role/*", }, { - "attributeEncryption": {}, - "name": "bravo_assignment", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "A role assignment", - "icon": "fa-key", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", - "mat-icon": "vpn_key", - "order": [ - "_id", - "name", - "description", - "type", - "mapping", - "attributes", - "linkQualifiers", - "roles", - "members", - "condition", - "weight", + "properties": [ + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", + }, + ], + }, + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + }, + ], + "resource": "managed/role/*", + }, + { + "properties": [ + { + "name": "objects", + "policies": [ + { + "policyId": "valid-event-scripts", + }, + ], + }, + ], + "resource": "config/managed", + }, + ], + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/privilegeAssignments.idm.json 1`] = ` +{ + "idm": { + "privilegeAssignments": { + "_id": "privilegeAssignments", + "privilegeAssignments": [ + { + "name": "ownerPrivileges", + "privileges": [ + "owner-view-update-delete-orgs", + "owner-create-orgs", + "owner-view-update-delete-admins-and-members", + "owner-create-admins", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "ownerOfOrg", + }, + { + "name": "adminPrivileges", + "privileges": [ + "admin-view-update-delete-orgs", + "admin-create-orgs", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "adminOfOrg", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/privileges.idm.json 1`] = ` +{ + "idm": { + "privileges": { + "_id": "privileges", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/user", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/user", + "permissions": [ + "CREATE", + ], + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/process/access.idm.json 1`] = ` +{ + "idm": { + "process/access": { + "_id": "process/access", + "workflowAccess": [ + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-authorized", + }, + }, + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-admin", + }, + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/repo.ds.idm.json 1`] = ` +{ + "idm": { + "repo.ds": { + "_id": "repo.ds", + "commands": { + "delete-mapping-links": { + "_queryFilter": "/linkType eq "\${mapping}"", + "operation": "DELETE", + }, + "delete-target-ids-for-recon": { + "_queryFilter": "/reconId eq "\${reconId}"", + "operation": "DELETE", + }, + }, + "embedded": false, + "ldapConnectionFactories": { + "bind": { + "connectionPoolSize": 50, + "connectionSecurity": "startTLS", + "heartBeatIntervalSeconds": 60, + "heartBeatTimeoutMilliSeconds": 10000, + "primaryLdapServers": [ + { + "hostname": "opendj-frodo-dev.classic.com", + "port": 2389, + }, + ], + "secondaryLdapServers": [], + }, + "root": { + "authentication": { + "simple": { + "bindDn": "uid=admin", + "bindPassword": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "lJ/B6T9e9CDKHCN8TxkD4g==", + "iv": "EdrerzwEUUkHG582cLDw5w==", + "keySize": 32, + "mac": "Aty9fXUtl4pexGlHOc+CBg==", + "purpose": "idm.config.encryption", + "salt": "BITSKlnPeT5klcuEZbngzw==", + "stableId": "openidm-sym-default", + }, + }, + }, + }, + }, + "inheritFrom": "bind", + }, + }, + "maxConnectionAttempts": 5, + "resourceMapping": { + "defaultMapping": { + "dnTemplate": "ou=generic,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "explicitMapping": { + "clusteredrecontargetids": { + "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-recon-clusteredTargetIds", ], "properties": { "_id": { - "description": "The assignment ID", - "searchable": false, - "title": "Name", - "type": "string", - "viewable": false, - }, - "attributes": { - "description": "The attributes operated on by this assignment.", - "items": { - "order": [ - "assignmentOperation", - "unassignmentOperation", - "name", - "value", - ], - "properties": { - "assignmentOperation": { - "description": "Assignment operation", - "type": "string", - }, - "name": { - "description": "Name", - "type": "string", - }, - "unassignmentOperation": { - "description": "Unassignment operation", - "type": "string", - }, - "value": { - "description": "Value", - "type": "string", - }, - }, - "required": [], - "title": "Assignment Attributes Items", - "type": "object", - }, - "notifyRelationships": [ - "roles", - "members", - ], - "title": "Assignment Attributes", - "type": "array", - "viewable": true, + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", }, - "condition": { - "description": "A conditional filter for this assignment", - "isConditional": true, - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, + "reconId": { + "ldapAttribute": "fr-idm-recon-id", + "type": "simple", }, - "description": { - "description": "The assignment description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, + "targetIds": { + "ldapAttribute": "fr-idm-recon-targetIds", + "type": "json", }, - "linkQualifiers": { - "description": "Conditional link qualifiers to restrict this assignment to.", - "items": { - "title": "Link Qualifiers Items", - "type": "string", - }, - "title": "Link Qualifiers", - "type": "array", - "viewable": true, + }, + }, + "dsconfig/attributeValue": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-attribute-value-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "mapping": { - "description": "The name of the mapping this assignment applies to", - "policies": [ - { - "policyId": "mapping-exists", - }, - ], - "searchable": true, - "title": "Mapping", - "type": "string", - "viewable": true, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", }, - "members": { - "description": "Assignment Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Assignment Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Assignment Members Items", - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "title": "Assignment Members", - "type": "array", - "viewable": true, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", }, - "name": { - "description": "The assignment name, used for display purposes.", - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", }, - "roles": { - "description": "Managed Roles", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Managed Roles Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/bravo_role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Managed Roles Items", - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "title": "Managed Roles", - "type": "array", - "userEditable": false, - "viewable": true, + "matchAttribute": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-match-attribute", + "type": "simple", }, - "type": { - "description": "The type of object this assignment represents", - "title": "Type", - "type": "string", - "viewable": true, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", }, - "weight": { - "description": "The weight of the assignment.", - "notifyRelationships": [ - "roles", - "members", - ], - "searchable": false, - "title": "Weight", - "type": [ - "number", - "null", - ], - "viewable": true, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", }, }, - "required": [ - "name", - "description", - "mapping", - ], - "title": "Bravo realm - Assignment", - "type": "object", }, - }, - { - "name": "alpha_organization", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "An organization or tenant, whose resources are managed by organizational admins.", - "icon": "fa-building", - "mat-icon": "domain", - "order": [ - "name", - "description", - "owners", - "admins", - "members", - "parent", - "children", - "adminIDs", - "ownerIDs", - "parentAdminIDs", - "parentOwnerIDs", - "parentIDs", + "dsconfig/characterSet": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-character-set-password-validator", ], "properties": { - "adminIDs": { - "isVirtual": true, - "items": { - "title": "admin ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "admins", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Admin user ids", - "type": "array", - "userEditable": false, - "viewable": false, + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "admins": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "adminOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Administrators", - "type": "array", - "userEditable": false, - "viewable": true, + "allowUnclassifiedCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-allow-unclassified-characters", + "type": "simple", }, - "children": { - "description": "Child Organizations", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": true, - "path": "managed/alpha_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "parent", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Child Organizations", - "type": "array", - "userEditable": false, - "viewable": false, + "characterSet": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-character-set", + "type": "simple", }, - "description": { - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": true, - "viewable": true, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", }, - "members": { - "items": { - "notifySelf": false, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "memberOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", }, - "name": { - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, + "minCharacterSets": { + "ldapAttribute": "ds-cfg-min-character-sets", + "type": "simple", }, - "ownerIDs": { - "isVirtual": true, - "items": { - "title": "owner ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "owners", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Owner user ids", - "type": "array", - "userEditable": false, - "viewable": false, + }, + }, + "dsconfig/dictionary": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-dictionary-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "owners": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "ownerOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Owner", - "type": "array", - "userEditable": false, - "viewable": true, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", }, - "parent": { - "description": "Parent Organization", - "notifyRelationships": [ - "children", - "members", - ], - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": false, - "path": "managed/alpha_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "returnByDefault": false, - "reversePropertyName": "children", - "reverseRelationship": true, - "searchable": false, - "title": "Parent Organization", - "type": "relationship", - "userEditable": false, - "validate": true, - "viewable": true, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", }, - "parentAdminIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent admins", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "adminIDs", - "parentAdminIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent admins", - "type": "array", - "userEditable": false, - "viewable": false, + "dictionaryFile": { + "isRequired": true, + "ldapAttribute": "ds-cfg-dictionary-file", + "type": "simple", }, - "parentIDs": { - "isVirtual": true, - "items": { - "title": "parent org ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - "parentIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "parent org ids", - "type": "array", - "userEditable": false, - "viewable": false, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", }, - "parentOwnerIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent owners", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "ownerIDs", - "parentOwnerIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent owners", - "type": "array", - "userEditable": false, - "viewable": false, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", }, }, - "required": [ - "name", - ], - "title": "Alpha realm - Organization", - "type": "object", }, - }, - { - "name": "bravo_organization", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "An organization or tenant, whose resources are managed by organizational admins.", - "icon": "fa-building", - "mat-icon": "domain", - "order": [ - "name", - "description", - "owners", - "admins", - "members", - "parent", - "children", - "adminIDs", - "ownerIDs", - "parentAdminIDs", - "parentOwnerIDs", - "parentIDs", + "dsconfig/lengthBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-length-based-password-validator", ], "properties": { - "adminIDs": { - "isVirtual": true, - "items": { - "title": "admin ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "admins", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Admin user ids", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "admins": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "adminOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Administrators", - "type": "array", - "userEditable": false, - "viewable": true, + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "children": { - "description": "Child Organizations", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": true, - "path": "managed/bravo_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "parent", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Child Organizations", - "type": "array", - "userEditable": false, - "viewable": false, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", }, - "description": { - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": true, - "viewable": true, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", }, - "members": { - "items": { - "notifySelf": false, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "memberOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, + "maxPasswordLength": { + "ldapAttribute": "ds-cfg-max-password-length", + "type": "simple", }, - "name": { - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, + "minPasswordLength": { + "ldapAttribute": "ds-cfg-min-password-length", + "type": "simple", }, - "ownerIDs": { - "isVirtual": true, - "items": { - "title": "owner ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "owners", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Owner user ids", - "type": "array", - "userEditable": false, - "viewable": false, + }, + }, + "dsconfig/passwordPolicies": { + "dnTemplate": "cn=Password Policies,cn=config", + "objectClasses": [ + "ds-cfg-password-policy", + "ds-cfg-authentication-policy", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "owners": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "ownerOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Owner", - "type": "array", - "userEditable": false, - "viewable": true, + "defaultPasswordStorageScheme": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-default-password-storage-scheme", + "type": "simple", }, - "parent": { - "description": "Parent Organization", - "notifyRelationships": [ - "children", - "members", - ], - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": false, - "path": "managed/bravo_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "returnByDefault": false, - "reversePropertyName": "children", - "reverseRelationship": true, - "searchable": false, - "title": "Parent Organization", - "type": "relationship", - "userEditable": false, - "validate": true, - "viewable": true, + "maxPasswordAge": { + "ldapAttribute": "ds-cfg-max-password-age", + "type": "simple", }, - "parentAdminIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent admins", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "adminIDs", - "parentAdminIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent admins", - "type": "array", - "userEditable": false, - "viewable": false, + "passwordAttribute": { + "isRequired": true, + "ldapAttribute": "ds-cfg-password-attribute", + "type": "simple", }, - "parentIDs": { - "isVirtual": true, - "items": { - "title": "parent org ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - "parentIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "parent org ids", - "type": "array", - "userEditable": false, - "viewable": false, + "passwordHistoryCount": { + "ldapAttribute": "ds-cfg-password-history-count", + "type": "simple", }, - "parentOwnerIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent owners", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "ownerIDs", - "parentOwnerIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent owners", - "type": "array", - "userEditable": false, - "viewable": false, + "validator": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-password-validator", + "type": "simple", }, }, - "required": [ - "name", - ], - "title": "Bravo realm - Organization", - "type": "object", }, - }, - { - "name": "alpha_group", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "icon": "fa-group", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", - "mat-icon": "group", - "order": [ - "_id", - "name", - "description", - "condition", - "members", + "dsconfig/repeatedCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-repeated-characters-password-validator", ], "properties": { "_id": { - "description": "Group ID", - "isPersonal": false, - "policies": [ - { - "params": { - "propertyName": "name", - }, - "policyId": "id-must-equal-property", - }, - ], - "searchable": false, - "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": false, - }, - "condition": { - "description": "A filter for conditionally assigned members", - "isConditional": true, - "policies": [ - { - "policyId": "valid-query-filter", - }, - ], - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "description": { - "description": "Group Description", - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": false, - "viewable": true, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", }, - "members": { - "description": "Group Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "groups", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", }, - "name": { - "description": "Group Name", - "policies": [ - { - "policyId": "required", - }, - { - "params": { - "forbiddenChars": [ - "/*", - ], - }, - "policyId": "cannot-contain-characters", - }, - ], - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxConsecutiveLength": { + "isRequired": true, + "ldapAttribute": "ds-cfg-max-consecutive-length", + "type": "simple", }, }, - "required": [ - "name", + }, + "dsconfig/similarityBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-similarity-based-password-validator", ], - "title": "Alpha realm - Group", - "viewable": true, + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minPasswordDifference": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-password-difference", + "type": "simple", + }, + }, }, - }, - { - "name": "bravo_group", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "icon": "fa-group", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", - "mat-icon": "group", - "order": [ - "_id", - "name", - "description", - "condition", - "members", + "dsconfig/uniqueCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-unique-characters-password-validator", ], "properties": { "_id": { - "description": "Group ID", - "isPersonal": false, - "policies": [ - { - "params": { - "propertyName": "name", - }, - "policyId": "id-must-equal-property", - }, - ], - "searchable": false, - "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": false, + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "condition": { - "description": "A filter for conditionally assigned members", - "isConditional": true, - "policies": [ - { - "policyId": "valid-query-filter", - }, - ], - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", }, - "description": { - "description": "Group Description", - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": false, - "viewable": true, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", }, - "members": { - "description": "Group Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "groups", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", }, - "name": { - "description": "Group Name", - "policies": [ - { - "policyId": "required", - }, - { - "params": { - "forbiddenChars": [ - "/*", - ], - }, - "policyId": "cannot-contain-characters", - }, - ], - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, + "minUniqueCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-unique-characters", + "type": "simple", }, }, - "required": [ - "name", - ], - "title": "Bravo realm - Group", - "viewable": true, }, - }, - { - "name": "alpha_application", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "Application Object", - "icon": "fa-folder", - "order": [ - "name", - "description", - "url", - "icon", - "mappingNames", - "owners", - "roles", - "members", + "dsconfig/userDefinedVirtualAttribute": { + "dnTemplate": "cn=Virtual Attributes,cn=config", + "objectClasses": [ + "ds-cfg-user-defined-virtual-attribute", + "ds-cfg-virtual-attribute", ], "properties": { "_id": { - "description": "Application ID", - "isPersonal": false, - "searchable": false, - "type": "string", - "userEditable": false, - "viewable": false, + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", }, - "authoritative": { - "description": "Is this an authoritative application", - "searchable": false, - "title": "Authoritative", - "type": "boolean", - "viewable": false, + "attributeType": { + "isRequired": true, + "ldapAttribute": "ds-cfg-attribute-type", + "type": "simple", }, - "connectorId": { - "description": "Id of the connector associated with the application", - "searchable": false, - "title": "Connector ID", - "type": "string", - "userEditable": false, - "viewable": false, + "baseDn": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-base-dn", + "type": "simple", }, - "description": { - "description": "Application Description", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, + "conflictBehavior": { + "ldapAttribute": "ds-cfg-conflict-behavior", + "type": "simple", }, - "icon": { - "searchable": true, - "title": "Icon", - "type": "string", - "userEditable": true, - "viewable": true, + "enabled": { + "isRequired": true, + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", }, - "mappingNames": { - "description": "Names of the sync mappings used by an application with provisioning configured.", - "items": { - "title": "Mapping Name Items", - "type": "string", - }, - "searchable": true, - "title": "Sync Mapping Names", - "type": "array", - "viewable": true, + "filter": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-filter", + "type": "simple", }, - "members": { - "description": "Application Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, + "groupDn": { + "ldapAttribute": "ds-cfg-group-dn", + "type": "simple", + }, + "javaClass": { + "isRequired": true, + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "scope": { + "ldapAttribute": "ds-cfg-scope", + "type": "simple", + }, + "value": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-value", + "type": "simple", + }, + }, + }, + "internal/role": { + "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "fr-idm-internal-role", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "authzMembers": { + "isMultiValued": true, + "propertyName": "authzRoles", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "condition": { + "ldapAttribute": "fr-idm-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", }, "name": { - "description": "Application name", - "notifyRelationships": [ - "roles", - "members", - ], - "policies": [ - { - "policyId": "unique", - }, - ], - "returnByDefault": true, - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, + "ldapAttribute": "fr-idm-name", + "type": "simple", }, - "owners": { - "description": "Application Owners", - "items": { - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Application _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "ownerOfApp", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Owners", - "type": "array", - "userEditable": false, - "viewable": true, + "privileges": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-privilege", + "type": "json", }, - "roles": { - "description": "Roles granting users the application", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/alpha_role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Roles", - "type": "array", - "userEditable": false, - "viewable": true, + "temporalConstraints": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-temporal-constraints", + "type": "json", }, - "ssoEntities": { - "description": "SSO Entity Id", - "properties": { - "idpLocation": { - "type": "string", - }, - "idpPrivateId": { - "type": "string", - }, - "spLocation": { - "type": "string", - }, - "spPrivate": { - "type": "string", - }, - }, - "searchable": false, - "title": "SSO Entity Id", - "type": "object", - "userEditable": false, - "viewable": false, + }, + }, + "internal/user": { + "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-internal-user", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", }, - "templateName": { - "description": "Name of the template the application was created from", - "searchable": false, - "title": "Template Name", - "type": "string", - "userEditable": false, - "viewable": false, + "password": { + "ldapAttribute": "fr-idm-password", + "type": "json", }, - "templateVersion": { - "description": "The template version", - "searchable": false, - "title": "Template Version", - "type": "string", - "userEditable": false, - "viewable": false, + }, + }, + "link": { + "dnTemplate": "ou=links,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-link", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", }, - "uiConfig": { - "description": "UI Config", - "isPersonal": false, - "properties": {}, - "searchable": false, - "title": "UI Config", - "type": "object", - "usageDescription": "", - "viewable": false, + "firstId": { + "ldapAttribute": "fr-idm-link-firstId", + "type": "simple", }, - "url": { - "searchable": true, - "title": "Url", - "type": "string", - "userEditable": true, - "viewable": true, + "linkQualifier": { + "ldapAttribute": "fr-idm-link-qualifier", + "type": "simple", + }, + "linkType": { + "ldapAttribute": "fr-idm-link-type", + "type": "simple", + }, + "secondId": { + "ldapAttribute": "fr-idm-link-secondId", + "type": "simple", }, }, - "required": [ - "name", + }, + "locks": { + "dnTemplate": "ou=locks,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-lock", ], - "title": "Alpha realm - Application", - "type": "object", + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "nodeId": { + "ldapAttribute": "fr-idm-lock-nodeid", + "type": "simple", + }, + }, }, - }, - { - "name": "bravo_application", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "Application Object", - "icon": "fa-folder", - "order": [ - "name", - "description", - "url", - "icon", - "mappingNames", - "owners", - "roles", - "members", + "recon/assoc": { + "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "namingStrategy": { + "dnAttribute": "fr-idm-reconassoc-reconid", + "type": "clientDnNaming", + }, + "objectClasses": [ + "fr-idm-reconassoc", ], "properties": { "_id": { - "description": "Application ID", - "isPersonal": false, - "searchable": false, - "type": "string", - "userEditable": false, - "viewable": false, + "isRequired": true, + "ldapAttribute": "fr-idm-reconassoc-reconid", + "type": "simple", }, - "authoritative": { - "description": "Is this an authoritative application", - "searchable": false, - "title": "Authoritative", - "type": "boolean", - "viewable": false, + "finishTime": { + "ldapAttribute": "fr-idm-reconassoc-finishtime", + "type": "simple", }, - "connectorId": { - "description": "Id of the connector associated with the application", - "searchable": false, - "title": "Connector ID", - "type": "string", - "userEditable": false, - "viewable": false, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", }, - "description": { - "description": "Application Description", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", }, - "icon": { - "searchable": true, - "title": "Icon", - "type": "string", - "userEditable": true, - "viewable": true, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", }, - "mappingNames": { - "description": "Names of the sync mappings used by an application with provisioning configured.", - "items": { - "title": "Mapping Name Items", - "type": "string", - }, - "searchable": true, - "title": "Sync Mapping Names", - "type": "array", - "viewable": true, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", }, - "members": { - "description": "Application Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, + }, + "subResources": { + "entry": { + "namingStrategy": { + "dnAttribute": "uid", + "type": "clientDnNaming", }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, + "resource": "recon-assoc-entry", + "type": "collection", }, - "name": { - "description": "Application name", - "notifyRelationships": [ - "roles", - "members", - ], - "policies": [ - { - "policyId": "unique", - }, - ], - "returnByDefault": true, - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, + }, + }, + "recon/assoc/entry": { + "objectClasses": [ + "uidObject", + "fr-idm-reconassocentry", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", }, - "owners": { - "description": "Application Owners", - "items": { - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Application _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "ownerOfApp", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Owners", - "type": "array", - "userEditable": false, - "viewable": true, + "action": { + "ldapAttribute": "fr-idm-reconassocentry-action", + "type": "simple", }, - "roles": { - "description": "Roles granting users the application", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/bravo_role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Roles", - "type": "array", - "userEditable": false, - "viewable": true, + "ambiguousTargetObjectIds": { + "ldapAttribute": "fr-idm-reconassocentry-ambiguoustargetobjectids", + "type": "simple", }, - "ssoEntities": { - "description": "SSO Entity Id", - "properties": { - "idpLocation": { - "type": "string", - }, - "idpPrivateId": { - "type": "string", - }, - "spLocation": { - "type": "string", - }, - "spPrivate": { - "type": "string", - }, - }, - "searchable": false, - "title": "SSO Entity Id", - "type": "object", - "userEditable": false, - "viewable": false, + "exception": { + "ldapAttribute": "fr-idm-reconassocentry-exception", + "type": "simple", }, - "templateName": { - "description": "Name of the template the application was created from", - "searchable": false, - "title": "Template Name", - "type": "string", - "userEditable": false, - "viewable": false, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", }, - "templateVersion": { - "description": "The template version", - "searchable": false, - "title": "Template Version", - "type": "string", - "userEditable": false, - "viewable": false, + "linkQualifier": { + "ldapAttribute": "fr-idm-reconassocentry-linkqualifier", + "type": "simple", }, - "uiConfig": { - "description": "UI Config", - "isPersonal": false, - "properties": {}, - "searchable": false, - "title": "UI Config", - "type": "object", - "usageDescription": "", - "viewable": false, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", }, - "url": { - "searchable": true, - "title": "Url", - "type": "string", - "userEditable": true, - "viewable": true, + "message": { + "ldapAttribute": "fr-idm-reconassocentry-message", + "type": "simple", }, - }, - "required": [ - "name", - ], - "title": "Bravo realm - Application", - "type": "object", - }, - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/policy.idm.json 1`] = ` -{ - "idm": { - "policy": { - "_id": "policy", - "additionalFiles": [], - "resources": [], + "messageDetail": { + "ldapAttribute": "fr-idm-reconassocentry-messagedetail", + "type": "simple", + }, + "phase": { + "ldapAttribute": "fr-idm-reconassocentry-phase", + "type": "simple", + }, + "reconId": { + "ldapAttribute": "fr-idm-reconassocentry-reconid", + "type": "simple", + }, + "situation": { + "ldapAttribute": "fr-idm-reconassocentry-situation", + "type": "simple", + }, + "sourceObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-sourceObjectId", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "status": { + "ldapAttribute": "fr-idm-reconassocentry-status", + "type": "simple", + }, + "targetObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-targetObjectId", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "resourceName": "recon-assoc-entry", + "subResourceRouting": [ + { + "prefix": "entry", + "template": "recon/assoc/{reconId}/entry", + }, + ], + }, + "sync/queue": { + "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-syncqueue", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "context": { + "ldapAttribute": "fr-idm-syncqueue-context", + "type": "json", + }, + "createDate": { + "ldapAttribute": "fr-idm-syncqueue-createdate", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-syncqueue-mapping", + "type": "simple", + }, + "newObject": { + "ldapAttribute": "fr-idm-syncqueue-newobject", + "type": "json", + }, + "nodeId": { + "ldapAttribute": "fr-idm-syncqueue-nodeid", + "type": "simple", + }, + "objectRev": { + "ldapAttribute": "fr-idm-syncqueue-objectRev", + "type": "simple", + }, + "oldObject": { + "ldapAttribute": "fr-idm-syncqueue-oldobject", + "type": "json", + }, + "resourceCollection": { + "ldapAttribute": "fr-idm-syncqueue-resourcecollection", + "type": "simple", + }, + "resourceId": { + "ldapAttribute": "fr-idm-syncqueue-resourceid", + "type": "simple", + }, + "state": { + "ldapAttribute": "fr-idm-syncqueue-state", + "type": "simple", + }, + "syncAction": { + "ldapAttribute": "fr-idm-syncqueue-syncaction", + "type": "simple", + }, + }, + }, + }, + "genericMapping": { + "cluster/*": { + "dnTemplate": "ou=cluster,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-cluster-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", + "objectClasses": [ + "uidObject", + "fr-idm-cluster-obj", + ], + }, + "config": { + "dnTemplate": "ou=config,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "file": { + "dnTemplate": "ou=file,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "import": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "import/*": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "internal/notification": { + "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-notification-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-notification", + ], + "properties": { + "target": { + "propertyName": "_notifications", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, + }, + "internal/usermeta": { + "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, + }, + "jsonstorage": { + "dnTemplate": "ou=jsonstorage,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "managed/*": { + "dnTemplate": "ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "managed/assignment": { + "dnTemplate": "ou=assignment,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-assignment-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-assignment", + ], + "properties": { + "condition": { + "ldapAttribute": "fr-idm-assignment-condition", + "type": "simple", + }, + "members": { + "isMultiValued": true, + "propertyName": "assignments", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "propertyName": "assignments", + "resourcePath": "managed/role", + "type": "reverseReference", + }, + }, + }, + "managed/organization": { + "dnTemplate": "ou=organization,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + ], + "properties": { + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/organization", + "type": "reverseReference", + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple", + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + }, + }, + "managed/role": { + "dnTemplate": "ou=role,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role", + ], + "properties": { + "assignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-role-assignments", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", + }, + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, + }, + "managed/user": { + "dnTemplate": "ou=user,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-user-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedUser", + "objectClasses": [ + "uidObject", + "fr-idm-managed-user", + ], + "properties": { + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "internal/usermeta", + "type": "reference", + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference", + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "assignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-assignment-member", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference", + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/user", + "type": "reference", + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "passwordExpirationTime": { + "ldapAttribute": "pwdExpirationTime", + "type": "simple", + "writability": "readOnlyDiscardWrites", + }, + "passwordLastChangedTime": { + "ldapAttribute": "pwdChangedTime", + "type": "simple", + "writability": "readOnlyDiscardWrites", + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/role", + "type": "reference", + }, + }, + }, + "reconprogressstate": { + "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "relationships": { + "dnTemplate": "ou=relationships,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-relationship-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", + "objectClasses": [ + "uidObject", + "fr-idm-relationship", + ], + }, + "scheduler": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "scheduler/*": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "ui/*": { + "dnTemplate": "ou=ui,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "updates": { + "dnTemplate": "ou=updates,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + }, + }, + "rest2LdapOptions": { + "mvccAttribute": "etag", + "readOnUpdatePolicy": "controls", + "returnNullForMissingProperties": true, + "useMvcc": true, + "usePermissiveModify": true, + "useSubtreeDelete": false, + }, + "security": { + "fileBasedTrustManagerFile": "&{idm.install.dir}/security/truststore", + "fileBasedTrustManagerPasswordFile": "&{idm.install.dir}/security/storepass", + "fileBasedTrustManagerType": "JKS", + "trustManager": "file", + }, }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privilegeAssignments.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/repo.init.idm.json 1`] = ` { "idm": { - "privilegeAssignments": { - "_id": "privilegeAssignments", - "privilegeAssignments": [ + "repo.init": { + "_id": "repo.init", + "insert": { + "internal/role": [ + { + "description": "Administrative access", + "id": "openidm-admin", + "name": "openidm-admin", + }, + { + "description": "Basic minimum user", + "id": "openidm-authorized", + "name": "openidm-authorized", + }, + { + "description": "Anonymous access", + "id": "openidm-reg", + "name": "openidm-reg", + }, + { + "description": "Authenticated via certificate", + "id": "openidm-cert", + "name": "openidm-cert", + }, + { + "description": "Allowed to reassign workflow tasks", + "id": "openidm-tasks-manager", + "name": "openidm-tasks-manager", + }, + { + "description": "Platform provisioning access", + "id": "platform-provisioning", + "name": "platform-provisioning", + }, + ], + "internal/user": [ + { + "id": "openidm-admin", + "password": "&{openidm.admin.password}", + }, + { + "id": "anonymous", + "password": "anonymous", + }, + { + "id": "idm-provisioning", + }, + { + "id": "connector-server-client", + }, + ], + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/router.idm.json 1`] = ` +{ + "idm": { + "router": { + "_id": "router", + "filters": [ { - "name": "ownerPrivileges", - "privileges": [ - "owner-view-update-delete-orgs", - "owner-create-orgs", - "owner-view-update-delete-admins-and-members", - "owner-create-admins", - "admin-view-update-delete-members", - "admin-create-members", + "methods": [ + "create", + "update", ], - "relationshipField": "ownerOfOrg", + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", + }, + "pattern": "^(managed|internal)($|(/.+))", }, { - "name": "adminPrivileges", - "privileges": [ - "admin-view-update-delete-orgs", - "admin-create-orgs", - "admin-view-update-delete-members", - "admin-create-members", + "methods": [ + "update", ], - "relationshipField": "adminOfOrg", + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", + }, + "pattern": "^config/managed$", + }, + { + "condition": { + "source": "(context.caller.external === true) && (typeof context.privilege === 'undefined' || Object.keys(context.privilege.matchingPrivileges).length === 0)", + "type": "text/javascript", + }, + "onResponse": { + "source": "require('relationshipFilter').filterResponse()", + "type": "text/javascript", + }, + "pattern": "^(managed|internal)($|(/.+))", }, ], }, @@ -260688,457 +257220,182 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privileges.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/schedule/seantest.idm.json 1`] = ` { "idm": { - "privileges": { - "_id": "privileges", - "privileges": [], + "schedule/seantest": { + "_id": "schedule/seantest", + "concurrentExecution": false, + "enabled": false, + "endTime": null, + "invokeContext": { + "script": { + "globals": {}, + "source": "//sean has changed this script. Let's see if it is still working. qqqqqqqqqqqqqqSchedule1 +", + "type": "text/javascript", + }, + }, + "invokeLogLevel": "info", + "invokeService": "script", + "misfirePolicy": "fireAndProceed", + "persisted": true, + "recoverable": false, + "repeatCount": 0, + "repeatInterval": 0, + "schedule": null, + "startTime": null, + "type": "simple", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openic/GoogleApps.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/schedule/taskscan_activate.idm.json 1`] = ` { "idm": { - "provisioner.openic/GoogleApps": { - "_id": "provisioner.openic/GoogleApps", - "configurationProperties": { - "availableLicenses": [ - "101005/1010050001", - "101001/1010010001", - "101031/1010310010", - "101034/1010340002", - "101038/1010380002", - "101034/1010340001", - "101038/1010380003", - "101034/1010340004", - "101034/1010340003", - "101034/1010340006", - "Google-Apps/Google-Apps-For-Business", - "101034/1010340005", - "Google-Vault/Google-Vault", - "Google-Apps/1010020031", - "Google-Apps/1010020030", - "Google-Apps/1010060003", - "Google-Apps/1010060005", - "Google-Apps/Google-Apps-Unlimited", - "Google-Apps/1010020029", - "Google-Apps/Google-Apps-Lite", - "101031/1010310003", - "101033/1010330002", - "101033/1010330004", - "Google-Apps/Google-Apps-For-Education", - "101031/1010310002", - "101033/1010330003", - "Google-Apps/1010020026", - "101031/1010310007", - "Google-Apps/1010020025", - "101031/1010310008", - "Google-Apps/1010020028", - "Google-Apps/Google-Apps-For-Postini", - "101031/1010310005", - "Google-Apps/1010020027", - "101031/1010310006", - "101031/1010310009", - "Google-Vault/Google-Vault-Former-Employee", - "101038/1010370001", - "Google-Apps/1010020020", - "Google-Apps/1010060001", - ], - "clientId": "&{esv.gac.client.id}", - "clientSecret": "&{esv.gac.secret}", - "domain": "&{esv.gac.domain}", - "groupsMaxResults": "200", - "listProductAndSkuMaxResults": "100", - "listProductMaxResults": "100", - "membersMaxResults": "200", - "proxyHost": null, - "proxyPort": 8080, - "refreshToken": "&{esv.gac.refresh}", - "roleAssignmentMaxResults": 100, - "roleMaxResults": 100, - "usersMaxResults": "100", - "validateCertificate": true, - }, - "connectorRef": { - "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", - "bundleVersion": "[1.5.0.0,1.6.0.0)", - "connectorHostRef": "", - "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", - "displayName": "GoogleApps Connector", - "systemType": "provisioner.openicf", - }, - "enabled": { - "$bool": "&{esv.gac.enable.connector}", + "schedule/taskscan_activate": { + "_id": "schedule/taskscan_activate", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/activeDate le "\${Time.nowWithOffset}") AND (!(/inactiveDate pr) or /inactiveDate ge "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", + }, + "taskState": { + "completed": "/activateAccount/task-completed", + "started": "/activateAccount/task-started", + }, + }, + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "active" }]; + +logger.debug("Performing Activate Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", + }, + }, + "waitForCompletion": false, }, - "objectTypes": { - "__ACCOUNT__": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__ACCOUNT__", - "nativeType": "__ACCOUNT__", - "properties": { - "__GROUPS__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__GROUPS__", - "nativeType": "string", - "type": "array", - }, - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", - }, - "__PASSWORD__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PASSWORD__", - "nativeType": "JAVA_TYPE_GUARDEDSTRING", - "required": true, - "type": "string", - }, - "__PHOTO__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PHOTO__", - "nativeType": "JAVA_TYPE_BYTE_ARRAY", - "type": "string", - }, - "__SECONDARY_EMAILS__": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__SECONDARY_EMAILS__", - "nativeType": "object", - "type": "array", - }, - "__UID__": { - "nativeName": "__UID__", - "nativeType": "string", - "required": false, - "type": "string", - }, - "addresses": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "addresses", - "nativeType": "object", - "type": "array", - }, - "agreedToTerms": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "agreedToTerms", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", - }, - "aliases": { - "flags": [ - "NOT_CREATABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "aliases", - "nativeType": "string", - "type": "array", - }, - "archived": { - "nativeName": "archived", - "nativeType": "boolean", - "type": "boolean", - }, - "changePasswordAtNextLogin": { - "nativeName": "changePasswordAtNextLogin", - "nativeType": "boolean", - "type": "boolean", - }, - "creationTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "creationTime", - "nativeType": "string", - "type": "array", - }, - "customSchemas": { - "nativeName": "customSchemas", - "nativeType": "object", - "type": "object", - }, - "customerId": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "customerId", - "nativeType": "string", - "type": "string", - }, - "deletionTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "deletionTime", - "nativeType": "string", - "type": "string", - }, - "externalIds": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "externalIds", - "nativeType": "object", - "type": "array", - }, - "familyName": { - "nativeName": "familyName", - "nativeType": "string", - "type": "string", - }, - "fullName": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "fullName", - "nativeType": "string", - "type": "string", - }, - "givenName": { - "nativeName": "givenName", - "nativeType": "string", - "required": true, - "type": "string", - }, - "hashFunction": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "hashFunction", - "nativeType": "string", - "type": "string", - }, - "ims": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "ims", - "nativeType": "object", - "type": "array", - }, - "includeInGlobalAddressList": { - "nativeName": "includeInGlobalAddressList", - "nativeType": "boolean", - "type": "boolean", - }, - "ipWhitelisted": { - "nativeName": "ipWhitelisted", - "nativeType": "boolean", - "type": "boolean", - }, - "isAdmin": { - "nativeName": "isAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", - }, - "isDelegatedAdmin": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isDelegatedAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", - }, - "isEnforcedIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnforcedIn2Sv", - "nativeType": "boolean", - "type": "boolean", - }, - "isEnrolledIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnrolledIn2Sv", - "nativeType": "boolean", - "type": "boolean", - }, - "isMailboxSetup": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isMailboxSetup", - "nativeType": "boolean", - "type": "boolean", - }, - "languages": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "languages", - "nativeType": "object", - "type": "array", - }, - "lastLoginTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "lastLoginTime", - "nativeType": "string", - "type": "array", - }, - "nonEditableAliases": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "nonEditableAliases", - "nativeType": "string", - "type": "array", - }, - "orgUnitPath": { - "nativeName": "orgUnitPath", - "nativeType": "string", - "type": "string", - }, - "organizations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "organizations", - "nativeType": "object", - "type": "array", - }, - "phones": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "phones", - "nativeType": "object", - "type": "array", - }, - "primaryEmail": { - "nativeName": "primaryEmail", - "nativeType": "string", - "type": "string", - }, - "recoveryEmail": { - "nativeName": "recoveryEmail", - "nativeType": "string", - "type": "string", - }, - "recoveryPhone": { - "nativeName": "recoveryPhone", - "nativeType": "string", - "type": "string", - }, - "relations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "relations", - "nativeType": "object", - "type": "array", - }, - "suspended": { - "nativeName": "suspended", - "nativeType": "boolean", - "type": "boolean", - }, - "suspensionReason": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "suspensionReason", - "nativeType": "string", - "type": "string", - }, - "thumbnailPhotoUrl": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "thumbnailPhotoUrl", - "nativeType": "string", - "type": "string", - }, + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/schedule/taskscan_expire.idm.json 1`] = ` +{ + "idm": { + "schedule/taskscan_expire": { + "_id": "schedule/taskscan_expire", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/inactiveDate lt "\${Time.nowWithOffset}") AND (!(/activeDate pr) or /activeDate le "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", + }, + "taskState": { + "completed": "/expireAccount/task-completed", + "started": "/expireAccount/task-started", + }, + }, + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "inactive" }]; + +logger.debug("Performing Expire Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", }, - "type": "object", }, + "waitForCompletion": false, }, - "operationTimeout": { - "AUTHENTICATE": -1, - "CREATE": -1, - "DELETE": -1, - "GET": -1, - "RESOLVEUSERNAME": -1, - "SCHEMA": -1, - "SCRIPT_ON_CONNECTOR": -1, - "SCRIPT_ON_RESOURCE": -1, - "SEARCH": -1, - "SYNC": -1, - "TEST": -1, - "UPDATE": -1, - "VALIDATE": -1, + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/scheduler.idm.json 1`] = ` +{ + "idm": { + "scheduler": { + "_id": "scheduler", + "scheduler": { + "executePersistentSchedules": { + "$bool": "&{openidm.scheduler.execute.persistent.schedules}", + }, }, - "poolConfigOption": { - "maxIdle": 10, - "maxObjects": 10, - "maxWait": 150000, - "minEvictableIdleTimeMillis": 120000, - "minIdle": 1, + "threadPool": { + "threadCount": 10, }, - "resultsHandlerConfig": { - "enableAttributesToGetSearchResultsHandler": true, - "enableCaseInsensitiveFilter": false, - "enableFilteredResultsHandler": false, - "enableNormalizingResultsHandler": false, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/script.idm.json 1`] = ` +{ + "idm": { + "script": { + "ECMAScript": { + "javascript.optimization.level": 9, + "javascript.recompile.minimumInterval": 60000, + }, + "Groovy": { + "#groovy.disabled.global.ast.transformations": "", + "#groovy.errors.tolerance": 10, + "#groovy.output.debug": false, + "#groovy.output.verbose": false, + "#groovy.script.base": "#any class extends groovy.lang.Script", + "#groovy.script.extension": ".groovy", + "#groovy.target.bytecode": "1.8", + "#groovy.target.directory": "&{idm.data.dir}/classes", + "#groovy.target.indy": true, + "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", + "groovy.classpath": "&{idm.install.dir}/lib", + "groovy.recompile": true, + "groovy.recompile.minimumInterval": 60000, + "groovy.source.encoding": "UTF-8", + }, + "_id": "script", + "properties": {}, + "sources": { + "default": { + "directory": "&{idm.install.dir}/bin/defaults/script", + }, + "install": { + "directory": "&{idm.install.dir}", + }, + "project": { + "directory": "&{idm.instance.dir}", + }, + "project-script": { + "directory": "&{idm.instance.dir}/script", + }, }, }, }, @@ -261146,6108 +257403,16601 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf.connectorinfoprovider.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/secrets.idm.json 1`] = ` { "idm": { - "provisioner.openicf.connectorinfoprovider": { - "_id": "provisioner.openicf.connectorinfoprovider", - "connectorsLocation": "connectors", - "remoteConnectorClients": [ + "secrets": { + "_id": "secrets", + "stores": [ { - "enabled": true, - "name": "rcs1", - "useSSL": true, + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", + "config": { + "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", + "mappings": [ + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.default", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.config.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.password.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.https.keystore.cert.alias|openidm-localhost}", + ], + "secretId": "idm.jwt.session.module.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", + ], + "secretId": "idm.jwt.session.module.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "selfservice", + ], + "secretId": "idm.selfservice.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", + ], + "secretId": "idm.selfservice.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.assignment.attribute.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + ], + "providerName": "&{openidm.keystore.provider|SunJCE}", + "storePassword": "&{openidm.keystore.password|changeit}", + "storetype": "&{openidm.keystore.type|JCEKS}", + }, + "name": "mainKeyStore", + }, + { + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", + "config": { + "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", + "mappings": [], + "providerName": "&{openidm.truststore.provider|SUN}", + "storePassword": "&{openidm.truststore.password|changeit}", + "storetype": "&{openidm.truststore.type|JKS}", + }, + "name": "mainTrustStore", }, ], - "remoteConnectorClientsGroups": [], - "remoteConnectorServers": [], - "remoteConnectorServersGroups": [], }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/Azure.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/selfservice.kba.idm.json 1`] = ` { "idm": { - "provisioner.openicf/Azure": { - "_id": "provisioner.openicf/Azure", - "configurationProperties": { - "clientId": "4b07adcc-329c-434c-aa83-49a14bef3c49", - "clientSecret": { - "$crypto": { - "type": "x-simple-encryption", - "value": { - "cipher": "AES/CBC/PKCS5Padding", - "data": "W63amdvzlmynT40WOTl1wPWDc8FUlGWQZK158lmlFTrnhy9PbWZV5YE4v3VeMUDC", - "iv": "KG/YFc8v26QHJzRI3uFhzw==", - "keySize": 16, - "mac": "mA4BzCNS7tuLhosQ+es1Tg==", - "purpose": "idm.config.encryption", - "salt": "vvPwKk0KqOqMjElQgICqEA==", - "stableId": "openidm-sym-default", - }, + "selfservice.kba": { + "_id": "selfservice.kba", + "kbaPropertyName": "kbaInfo", + "minimumAnswersToDefine": 2, + "minimumAnswersToVerify": 1, + "questions": { + "1": { + "en": "What's your favorite color?", + "en_GB": "What is your favourite colour?", + "fr": "Quelle est votre couleur préférée?", + }, + "2": { + "en": "Who was your first employer?", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/selfservice.propertymap.idm.json 1`] = ` +{ + "idm": { + "selfservice.propertymap": { + "_id": "selfservice.propertymap", + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "familyName", + "target": "sn", + }, + { + "source": "email", + "target": "mail", + }, + { + "condition": "/object/postalAddress pr", + "source": "postalAddress", + "target": "postalAddress", + }, + { + "condition": "/object/addressLocality pr", + "source": "addressLocality", + "target": "city", + }, + { + "condition": "/object/addressRegion pr", + "source": "addressRegion", + "target": "stateProvince", + }, + { + "condition": "/object/postalCode pr", + "source": "postalCode", + "target": "postalCode", + }, + { + "condition": "/object/country pr", + "source": "country", + "target": "country", + }, + { + "condition": "/object/phone pr", + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "username", + "target": "userName", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/selfservice.terms.idm.json 1`] = ` +{ + "idm": { + "selfservice.terms": { + "_id": "selfservice.terms", + "active": "0.0", + "uiConfig": { + "buttonText": "Accept", + "displayName": "We've updated our terms", + "purpose": "You must accept the updated terms in order to proceed.", + }, + "versions": [ + { + "createDate": "2019-10-28T04:20:11.320Z", + "termsTranslations": { + "en": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.", }, + "version": "0.0", }, - "httpProxyHost": null, - "httpProxyPassword": null, - "httpProxyPort": null, - "httpProxyUsername": null, - "licenseCacheExpiryTime": 60, - "performHardDelete": true, - "readRateLimit": null, - "tenant": "711ffa9c-5972-4713-ace3-688c9732614a", - "writeRateLimit": null, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/servletfilter/cors.idm.json 1`] = ` +{ + "idm": { + "servletfilter/cors": { + "_id": "servletfilter/cors", + "filterClass": "org.eclipse.jetty.ee10.servlets.CrossOriginFilter", + "initParams": { + "allowCredentials": true, + "allowedHeaders": "accept,x-openidm-password,x-openidm-nosession,x-openidm-username,content-type,origin,x-requested-with", + "allowedMethods": "GET,POST,PUT,DELETE,PATCH", + "allowedOrigins": "https://localhost:&{openidm.port.https}", + "chainPreflight": false, }, - "connectorRef": { - "bundleName": "org.forgerock.openicf.connectors.msgraphapi-connector", - "bundleVersion": "1.5.20.21", - "connectorName": "org.forgerock.openicf.connectors.msgraphapi.MSGraphAPIConnector", - "displayName": "MSGraphAPI Connector", - "systemType": "provisioner.openicf", + "urlPatterns": [ + "/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/servletfilter/payload.idm.json 1`] = ` +{ + "idm": { + "servletfilter/payload": { + "_id": "servletfilter/payload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", + "initParams": { + "maxRequestSizeInMegabytes": 5, + }, + "urlPatterns": [ + "&{openidm.servlet.alias}/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/servletfilter/upload.idm.json 1`] = ` +{ + "idm": { + "servletfilter/upload": { + "_id": "servletfilter/upload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", + "initParams": { + "maxRequestSizeInMegabytes": 50, }, + "urlPatterns": [ + "&{openidm.servlet.upload.alias}/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/admin.idm.json 1`] = ` +{ + "idm": { + "ui.context/admin": { + "_id": "ui.context/admin", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/admin/default", "enabled": true, - "objectTypes": { - "User": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__ACCOUNT__", - "nativeType": "__ACCOUNT__", - "properties": { - "__PASSWORD__": { - "autocomplete": "new-password", - "flags": [ - "NOT_UPDATEABLE", - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PASSWORD__", - "nativeType": "JAVA_TYPE_GUARDEDSTRING", - "required": true, - "type": "string", - }, - "__roles__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", + "extensionDir": "&{idm.install.dir}/ui/admin/extension", + "responseHeaders": { + "X-Frame-Options": "SAMEORIGIN", + }, + "urlContextRoot": "/admin", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/api.idm.json 1`] = ` +{ + "idm": { + "ui.context/api": { + "_id": "ui.context/api", + "authEnabled": true, + "cacheEnabled": false, + "defaultDir": "&{idm.install.dir}/ui/api/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/api/extension", + "urlContextRoot": "/api", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/enduser.idm.json 1`] = ` +{ + "idm": { + "ui.context/enduser": { + "_id": "ui.context/enduser", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/enduser", + "enabled": true, + "responseHeaders": { + "X-Frame-Options": "DENY", + }, + "urlContextRoot": "/", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/oauth.idm.json 1`] = ` +{ + "idm": { + "ui.context/oauth": { + "_id": "ui.context/oauth", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/oauth/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/oauth/extension", + "urlContextRoot": "/oauthReturn", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/configuration.idm.json 1`] = ` +{ + "idm": { + "ui/configuration": { + "_id": "ui/configuration", + "configuration": { + "defaultNotificationType": "info", + "forgotUsername": false, + "lang": "en", + "notificationTypes": { + "error": { + "iconPath": "images/notifications/error.png", + "name": "common.notification.types.error", + }, + "info": { + "iconPath": "images/notifications/info.png", + "name": "common.notification.types.info", + }, + "warning": { + "iconPath": "images/notifications/warning.png", + "name": "common.notification.types.warning", + }, + }, + "passwordReset": false, + "passwordResetLink": "", + "roles": { + "internal/role/openidm-admin": "ui-admin", + "internal/role/openidm-authorized": "ui-user", + }, + "selfRegistration": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/dashboard.idm.json 1`] = ` +{ + "idm": { + "ui/dashboard": { + "_id": "ui/dashboard", + "adminDashboards": [ + { + "isDefault": true, + "name": "Quick Start", + "widgets": [ + { + "cards": [ + { + "href": "#connectors/add/", + "icon": "fa-database", + "name": "Add Connector", + }, + { + "href": "#mapping/add/", + "icon": "fa-map-marker", + "name": "Create Mapping", + }, + { + "href": "#resource/managed/role/list/", + "icon": "fa-check-square-o", + "name": "Manage Roles", + }, + { + "href": "#managed/add/", + "icon": "fa-tablet", + "name": "Add Device", + }, + { + "href": "#selfservice/userregistration/", + "icon": "fa-gear", + "name": "Configure Registration", + }, + { + "href": "#selfservice/passwordreset/", + "icon": "fa-gear", + "name": "Configure Password Reset", + }, + { + "href": "#resource/managed/user/list/", + "icon": "fa-user", + "name": "Manage Users", + }, + { + "href": "#settings/", + "icon": "fa-user", + "name": "Configure System Preferences", + }, ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__roles__", - "nativeType": "string", - "type": "array", + "size": "large", + "type": "quickStart", }, - "__servicePlanIds__": { - "items": { - "nativeType": "string", - "type": "string", + ], + }, + { + "isDefault": false, + "name": "System Monitoring", + "widgets": [ + { + "legendRange": { + "month": [ + 500, + 2500, + 5000, + ], + "week": [ + 10, + 30, + 90, + 270, + 810, + ], + "year": [ + 10000, + 40000, + 100000, + 250000, + ], }, - "nativeName": "__servicePlanIds__", - "nativeType": "string", - "type": "array", - }, - "accountEnabled": { - "nativeName": "accountEnabled", - "nativeType": "boolean", - "required": true, - "type": "boolean", - }, - "city": { - "nativeName": "city", - "nativeType": "string", - "type": "string", - }, - "companyName": { - "nativeName": "companyName", - "nativeType": "string", - "type": "string", - }, - "country": { - "nativeName": "country", - "nativeType": "string", - "type": "string", - }, - "department": { - "nativeName": "department", - "nativeType": "string", - "type": "string", + "maxRange": "#24423c", + "minRange": "#b0d4cd", + "size": "large", + "type": "audit", }, - "displayName": { - "nativeName": "displayName", - "nativeType": "string", - "required": true, - "type": "string", + { + "size": "large", + "type": "clusterStatus", }, - "givenName": { - "nativeName": "givenName", - "nativeType": "string", - "type": "string", + { + "size": "large", + "type": "systemHealthFull", }, - "jobTitle": { - "nativeName": "jobTitle", - "nativeType": "string", - "type": "string", + { + "barchart": "false", + "size": "large", + "type": "lastRecon", }, - "mail": { - "nativeName": "mail", - "nativeType": "string", - "required": true, - "type": "string", + ], + }, + { + "isDefault": false, + "name": "Resource Report", + "widgets": [ + { + "selected": "activeUsers", + "size": "x-small", + "type": "counter", }, - "mailNickname": { - "nativeName": "mailNickname", - "nativeType": "string", - "required": true, - "type": "string", + { + "selected": "rolesEnabled", + "size": "x-small", + "type": "counter", }, - "manager": { - "nativeName": "manager", - "nativeType": "object", - "type": "object", + { + "selected": "activeConnectors", + "size": "x-small", + "type": "counter", }, - "memberOf": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "memberOf", - "nativeType": "string", - "type": "array", + { + "size": "large", + "type": "resourceList", }, - "mobilePhone": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", + ], + }, + { + "isDefault": false, + "name": "Business Report", + "widgets": [ + { + "graphType": "fa-pie-chart", + "providers": [ + "Username/Password", ], - "nativeName": "mobilePhone", - "nativeType": "string", - "type": "string", + "size": "x-small", + "type": "signIns", + "widgetTitle": "Sign-Ins", }, - "onPremisesImmutableId": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "onPremisesImmutableId", - "nativeType": "string", - "type": "string", + { + "graphType": "fa-bar-chart", + "size": "x-small", + "type": "passwordResets", + "widgetTitle": "Password Resets", }, - "onPremisesSecurityIdentifier": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", + { + "graphType": "fa-line-chart", + "providers": [ + "Username/Password", ], - "nativeName": "onPremisesSecurityIdentifier", - "nativeType": "string", - "type": "string", - }, - "otherMails": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "otherMails", - "nativeType": "string", - "type": "array", - }, - "postalCode": { - "nativeName": "postalCode", - "nativeType": "string", - "type": "string", - }, - "preferredLanguage": { - "nativeName": "preferredLanguage", - "nativeType": "string", - "type": "string", + "size": "x-small", + "type": "newRegistrations", + "widgetTitle": "New Registrations", }, - "proxyAddresses": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", + { + "size": "x-small", + "timezone": { + "hours": "07", + "minutes": "00", + "negative": true, }, - "nativeName": "proxyAddresses", - "nativeType": "string", - "type": "array", - }, - "state": { - "nativeName": "state", - "nativeType": "string", - "type": "string", - }, - "streetAddress": { - "nativeName": "streetAddress", - "nativeType": "string", - "type": "string", - }, - "surname": { - "nativeName": "surname", - "nativeType": "string", - "type": "string", - }, - "usageLocation": { - "nativeName": "usageLocation", - "nativeType": "string", - "type": "string", + "type": "socialLogin", }, - "userPrincipalName": { - "nativeName": "userPrincipalName", - "nativeType": "string", - "required": true, - "type": "string", + { + "selected": "socialEnabled", + "size": "x-small", + "type": "counter", }, - "userType": { - "nativeName": "userType", - "nativeType": "string", - "type": "string", + { + "selected": "manualRegistrations", + "size": "x-small", + "type": "counter", }, - }, - "type": "object", + ], }, - "__GROUP__": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__GROUP__", - "nativeType": "__GROUP__", - "properties": { - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "required": true, - "type": "string", - }, - "description": { - "nativeName": "description", - "nativeType": "string", - "type": "string", - }, - "displayName": { - "nativeName": "displayName", - "nativeType": "string", - "required": true, - "type": "string", - }, - "groupTypes": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "groupTypes", - "nativeType": "string", - "type": "string", - }, - "id": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "id", - "type": "string", - }, - "mail": { - "nativeName": "mail", - "nativeType": "string", - "type": "string", - }, - "mailEnabled": { - "nativeName": "mailEnabled", - "nativeType": "boolean", - "required": true, - "type": "boolean", - }, - "onPremisesSecurityIdentifier": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "onPremisesSecurityIdentifier", - "nativeType": "string", - "type": "string", - }, - "proxyAddresses": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "proxyAddresses", - "nativeType": "string", - "type": "array", - }, - "securityEnabled": { - "nativeName": "securityEnabled", - "nativeType": "boolean", - "required": true, - "type": "boolean", - }, - "type": { - "nativeName": "type", - "required": true, - "type": "string", + { + "isDefault": false, + "name": "seantestdashboard", + "widgets": [ + { + "size": "large", + "type": "resourceList", }, + ], + }, + ], + "dashboard": { + "widgets": [ + { + "size": "large", + "type": "Welcome", }, - "type": "object", + ], + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/profile.idm.json 1`] = ` +{ + "idm": { + "ui/profile": { + "_id": "ui/profile", + "tabs": [ + { + "name": "personalInfoTab", + "view": "org/forgerock/openidm/ui/user/profile/personalInfo/PersonalInfoTab", }, - "directoryRole": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "directoryRole", - "nativeType": "directoryRole", - "properties": { - "description": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "description", - "nativeType": "string", - "type": "string", - }, - "displayName": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "displayName", - "nativeType": "string", - "type": "string", - }, + { + "name": "signInAndSecurity", + "view": "org/forgerock/openidm/ui/user/profile/signInAndSecurity/SignInAndSecurityTab", + }, + { + "name": "preference", + "view": "org/forgerock/openidm/ui/user/profile/PreferencesTab", + }, + { + "name": "trustedDevice", + "view": "org/forgerock/openidm/ui/user/profile/TrustedDevicesTab", + }, + { + "name": "oauthApplication", + "view": "org/forgerock/openidm/ui/user/profile/OauthApplicationsTab", + }, + { + "name": "privacyAndConsent", + "view": "org/forgerock/openidm/ui/user/profile/PrivacyAndConsentTab", + }, + { + "name": "sharing", + "view": "org/forgerock/openidm/ui/user/profile/uma/SharingTab", + }, + { + "name": "auditHistory", + "view": "org/forgerock/openidm/ui/user/profile/uma/ActivityTab", + }, + { + "name": "accountControls", + "view": "org/forgerock/openidm/ui/user/profile/accountControls/AccountControlsTab", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/themeconfig.idm.json 1`] = ` +{ + "idm": { + "ui/themeconfig": { + "_id": "ui/themeconfig", + "icon": "favicon.ico", + "path": "", + "settings": { + "footer": { + "mailto": "info@pingidentity.com", + }, + "loginLogo": { + "alt": "Ping Identity", + "height": "120px", + "src": "images/login-logo-dark.png", + "title": "Ping Identity", + "width": "120px", + }, + "logo": { + "alt": "Ping Identity", + "src": "images/logo-horizontal-white.png", + "title": "Ping Identity", + }, + }, + "stylesheets": [ + "css/bootstrap-3.4.1-custom.css", + "css/structure.css", + "css/theme.css", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.idm.json 1`] = ` +{ + "idm": { + "webserver": { + "_id": "webserver", + "gzip": { + "enabled": true, + "includedMethods": [ + "GET", + ], + }, + "maxThreads": { + "$int": "&{openidm.webserver.max.threads|&{org.ops4j.pax.web.server.maxThreads|200}}", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.listener/http.idm.json 1`] = ` +{ + "idm": { + "webserver.listener/http": { + "_id": "webserver.listener/http", + "enabled": { + "$bool": "&{openidm.http.enabled|true}", + }, + "port": { + "$int": "&{openidm.port.http|8080}", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.listener/https.idm.json 1`] = ` +{ + "idm": { + "webserver.listener/https": { + "_id": "webserver.listener/https", + "enabled": { + "$bool": "&{openidm.https.enabled|true}", + }, + "port": { + "$int": "&{openidm.port.https|8443}", + }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.listener/mutualAuth.idm.json 1`] = ` +{ + "idm": { + "webserver.listener/mutualAuth": { + "_id": "webserver.listener/mutualAuth", + "enabled": { + "$bool": "&{openidm.mutualauth.enabled|true}", + }, + "mutualAuth": true, + "port": { + "$int": "&{openidm.port.mutualauth|8444}", + }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-admin.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-admin": { + "_id": "openidm-admin", + "condition": null, + "description": "Administrative access", + "name": "openidm-admin", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-authorized.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-authorized": { + "_id": "openidm-authorized", + "condition": null, + "description": "Basic minimum user", + "name": "openidm-authorized", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-cert.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-cert": { + "_id": "openidm-cert", + "condition": null, + "description": "Authenticated via certificate", + "name": "openidm-cert", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-reg.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-reg": { + "_id": "openidm-reg", + "condition": null, + "description": "Anonymous access", + "name": "openidm-reg", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-tasks-manager.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-tasks-manager": { + "_id": "openidm-tasks-manager", + "condition": null, + "description": "Allowed to reassign workflow tasks", + "name": "openidm-tasks-manager", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/platform-provisioning.internalRole.json 1`] = ` +{ + "internalRole": { + "platform-provisioning": { + "_id": "platform-provisioning", + "condition": null, + "description": "Platform provisioning access", + "name": "platform-provisioning", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/mapping/mappingtest.mapping.json 1`] = ` +{ + "mapping": { + "mapping/mappingtest": { + "_id": "mapping/mappingtest", + "consentRequired": false, + "displayName": "mappingtest", + "icon": null, + "name": "mappingtest", + "policies": [ + { + "action": { + "globals": {}, + "source": "//asdfasdf", + "type": "text/javascript", }, - "type": "object", + "situation": "AMBIGUOUS", }, - "servicePlan": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "servicePlan", - "nativeType": "servicePlan", - "properties": { - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", - }, - "appliesTo": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "appliesTo", - "nativeType": "string", - "type": "string", - }, - "provisioningStatus": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "provisioningStatus", - "nativeType": "string", - "type": "string", - }, - "servicePlanId": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "servicePlanId", - "nativeType": "string", - "type": "string", - }, - "servicePlanName": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "servicePlanName", - "nativeType": "string", - "type": "string", - }, - "subscriberSkuId": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "subscriberSkuId", - "type": "string", - }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "groovy", }, - "type": "object", + "situation": "MISSING", }, - "servicePrincipal": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "servicePrincipal", - "nativeType": "servicePrincipal", - "properties": { - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", - }, - "__addAppRoleAssignedTo__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__addAppRoleAssignedTo__", - "nativeType": "object", - "type": "array", - }, - "__addAppRoleAssignments__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__addAppRoleAssignments__", - "nativeType": "object", - "type": "array", - }, - "__removeAppRoleAssignedTo__": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__removeAppRoleAssignedTo__", - "nativeType": "string", - "type": "array", - }, - "__removeAppRoleAssignments__": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__removeAppRoleAssignments__", - "nativeType": "string", - "type": "array", - }, - "accountEnabled": { - "nativeName": "accountEnabled", - "nativeType": "boolean", - "type": "boolean", - }, - "addIns": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "addIns", - "nativeType": "object", - "type": "array", - }, - "alternativeNames": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "alternativeNames", - "nativeType": "string", - "type": "array", - }, - "appDescription": { - "nativeName": "appDescription", - "nativeType": "string", - "type": "string", - }, - "appDisplayName": { - "nativeName": "appDisplayName", - "nativeType": "string", - "type": "string", - }, - "appId": { - "nativeName": "appId", - "nativeType": "string", - "type": "string", - }, - "appOwnerOrganizationId": { - "nativeName": "appOwnerOrganizationId", - "nativeType": "string", - "type": "string", - }, - "appRoleAssignmentRequired": { - "nativeName": "appRoleAssignmentRequired", - "nativeType": "boolean", - "type": "boolean", - }, - "appRoles": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "appRoles", - "nativeType": "object", - "type": "array", - }, - "applicationTemplateId": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "applicationTemplateId", - "nativeType": "string", - "type": "string", - }, - "deletedDateTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "deletedDateTime", - "nativeType": "string", - "type": "string", - }, - "description": { - "nativeName": "description", - "nativeType": "string", - "type": "string", - }, - "disabledByMicrosoftStatus": { - "nativeName": "disabledByMicrosoftStatus", - "nativeType": "string", - "type": "string", - }, - "displayName": { - "nativeName": "displayName", - "nativeType": "string", - "type": "string", - }, - "homepage": { - "nativeName": "homepage", - "nativeType": "string", - "type": "string", - }, - "info": { - "nativeName": "info", - "nativeType": "object", - "type": "object", - }, - "keyCredentials": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "keyCredentials", - "nativeType": "object", - "type": "array", - }, - "loginUrl": { - "nativeName": "loginUrl", - "nativeType": "string", - "type": "string", - }, - "logoutUrl": { - "nativeName": "logoutUrl", - "nativeType": "string", - "type": "string", - }, - "notes": { - "nativeName": "notes", - "nativeType": "string", - "type": "string", - }, - "notificationEmailAddresses": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "notificationEmailAddresses", - "nativeType": "string", - "type": "array", - }, - "oauth2PermissionScopes": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "oauth2PermissionScopes", - "nativeType": "object", - "type": "array", - }, - "passwordCredentials": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "passwordCredentials", - "nativeType": "object", - "type": "array", - }, - "preferredSingleSignOnMode": { - "nativeName": "preferredSingleSignOnMode", - "nativeType": "string", - "type": "string", - }, - "replyUrls": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "replyUrls", - "nativeType": "string", - "type": "array", - }, - "resourceSpecificApplicationPermissions": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "resourceSpecificApplicationPermissions", - "nativeType": "object", - "type": "array", - }, - "samlSingleSignOnSettings": { - "nativeName": "samlSingleSignOnSettings", - "nativeType": "object", - "type": "object", - }, - "servicePrincipalNames": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "servicePrincipalNames", - "nativeType": "string", - "type": "array", - }, - "servicePrincipalType": { - "nativeName": "servicePrincipalType", - "nativeType": "string", - "type": "string", - }, - "signInAudience": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "signInAudience", - "nativeType": "string", - "type": "string", - }, - "tags": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "tags", - "nativeType": "string", - "type": "array", - }, - "tokenEncryptionKeyId": { - "nativeName": "tokenEncryptionKeyId", - "nativeType": "string", - "type": "string", - }, - "verifiedPublisher": { - "nativeName": "verifiedPublisher", - "nativeType": "object", - "type": "object", - }, - }, - "type": "object", + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", }, - }, - "operationTimeout": { - "AUTHENTICATE": -1, - "CREATE": -1, - "DELETE": -1, - "GET": -1, - "RESOLVEUSERNAME": -1, - "SCHEMA": -1, - "SCRIPT_ON_CONNECTOR": -1, - "SCRIPT_ON_RESOURCE": -1, - "SEARCH": -1, - "SYNC": -1, - "TEST": -1, - "UPDATE": -1, - "VALIDATE": -1, - }, - "poolConfigOption": { - "maxIdle": 10, - "maxObjects": 10, - "maxWait": 150000, - "minEvictableIdleTimeMillis": 120000, - "minIdle": 1, - }, - "resultsHandlerConfig": { - "enableAttributesToGetSearchResultsHandler": true, - "enableCaseInsensitiveFilter": false, - "enableFilteredResultsHandler": false, - "enableNormalizingResultsHandler": false, - }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "source": "managed/assignment", + "target": "managed/organization", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/GoogleApps.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/mapping/seantestmapping.mapping.json 1`] = ` { - "idm": { - "provisioner.openicf/GoogleApps": { - "_id": "provisioner.openicf/GoogleApps", - "configurationProperties": { - "availableLicenses": [ - "101005/1010050001", - "101001/1010010001", - "101031/1010310010", - "101034/1010340002", - "101038/1010380002", - "101034/1010340001", - "101038/1010380003", - "101034/1010340004", - "101034/1010340003", - "101034/1010340006", - "Google-Apps/Google-Apps-For-Business", - "101034/1010340005", - "Google-Vault/Google-Vault", - "Google-Apps/1010020031", - "Google-Apps/1010020030", - "Google-Apps/1010060003", - "Google-Apps/1010060005", - "Google-Apps/Google-Apps-Unlimited", - "Google-Apps/1010020029", - "Google-Apps/Google-Apps-Lite", - "101031/1010310003", - "101033/1010330002", - "101033/1010330004", - "Google-Apps/Google-Apps-For-Education", - "101031/1010310002", - "101033/1010330003", - "Google-Apps/1010020026", - "101031/1010310007", - "Google-Apps/1010020025", - "101031/1010310008", - "Google-Apps/1010020028", - "Google-Apps/Google-Apps-For-Postini", - "101031/1010310005", - "Google-Apps/1010020027", - "101031/1010310006", - "101031/1010310009", - "Google-Vault/Google-Vault-Former-Employee", - "101038/1010370001", - "Google-Apps/1010020020", - "Google-Apps/1010060001", - ], - "clientId": "&{esv.gac.client.id}", - "clientSecret": "&{esv.gac.secret}", - "domain": "&{esv.gac.domain}", - "groupsMaxResults": "200", - "listProductAndSkuMaxResults": "100", - "listProductMaxResults": "100", - "membersMaxResults": "200", - "proxyHost": null, - "proxyPort": 8080, - "refreshToken": "&{esv.gac.refresh}", - "roleAssignmentMaxResults": 100, - "roleMaxResults": 100, - "usersMaxResults": "100", - "validateCertificate": true, - }, - "connectorRef": { - "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", - "bundleVersion": "[1.5.0.0,1.6.0.0)", - "connectorHostRef": "", - "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", - "displayName": "GoogleApps Connector", - "systemType": "provisioner.openicf", - }, - "enabled": { - "$bool": "&{esv.gac.enable.connector}", - }, - "objectTypes": { - "__ACCOUNT__": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__ACCOUNT__", - "nativeType": "__ACCOUNT__", - "properties": { - "__GROUPS__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__GROUPS__", - "nativeType": "string", - "type": "array", - }, - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", - }, - "__PASSWORD__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PASSWORD__", - "nativeType": "JAVA_TYPE_GUARDEDSTRING", - "required": true, - "type": "string", - }, - "__PHOTO__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PHOTO__", - "nativeType": "JAVA_TYPE_BYTE_ARRAY", - "type": "string", - }, - "__SECONDARY_EMAILS__": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__SECONDARY_EMAILS__", - "nativeType": "object", - "type": "array", - }, - "__UID__": { - "nativeName": "__UID__", - "nativeType": "string", - "required": false, - "type": "string", - }, - "addresses": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "addresses", - "nativeType": "object", - "type": "array", - }, - "agreedToTerms": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "agreedToTerms", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", - }, - "aliases": { - "flags": [ - "NOT_CREATABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "aliases", - "nativeType": "string", - "type": "array", - }, - "archived": { - "nativeName": "archived", - "nativeType": "boolean", - "type": "boolean", - }, - "changePasswordAtNextLogin": { - "nativeName": "changePasswordAtNextLogin", - "nativeType": "boolean", - "type": "boolean", - }, - "creationTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "creationTime", - "nativeType": "string", - "type": "array", - }, - "customSchemas": { - "nativeName": "customSchemas", - "nativeType": "object", - "type": "object", - }, - "customerId": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "customerId", - "nativeType": "string", - "type": "string", - }, - "deletionTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "deletionTime", - "nativeType": "string", - "type": "string", - }, - "externalIds": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "externalIds", - "nativeType": "object", - "type": "array", - }, - "familyName": { - "nativeName": "familyName", - "nativeType": "string", - "type": "string", - }, - "fullName": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "fullName", - "nativeType": "string", - "type": "string", - }, - "givenName": { - "nativeName": "givenName", - "nativeType": "string", - "required": true, - "type": "string", - }, - "hashFunction": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "hashFunction", - "nativeType": "string", - "type": "string", - }, - "ims": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "ims", - "nativeType": "object", - "type": "array", - }, - "includeInGlobalAddressList": { - "nativeName": "includeInGlobalAddressList", - "nativeType": "boolean", - "type": "boolean", - }, - "ipWhitelisted": { - "nativeName": "ipWhitelisted", - "nativeType": "boolean", - "type": "boolean", - }, - "isAdmin": { - "nativeName": "isAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", - }, - "isDelegatedAdmin": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isDelegatedAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", - }, - "isEnforcedIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnforcedIn2Sv", - "nativeType": "boolean", - "type": "boolean", - }, - "isEnrolledIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnrolledIn2Sv", - "nativeType": "boolean", - "type": "boolean", - }, - "isMailboxSetup": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isMailboxSetup", - "nativeType": "boolean", - "type": "boolean", - }, - "languages": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "languages", - "nativeType": "object", - "type": "array", - }, - "lastLoginTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "lastLoginTime", - "nativeType": "string", - "type": "array", - }, - "nonEditableAliases": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "nonEditableAliases", - "nativeType": "string", - "type": "array", - }, - "orgUnitPath": { - "nativeName": "orgUnitPath", - "nativeType": "string", - "type": "string", - }, - "organizations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "organizations", - "nativeType": "object", - "type": "array", - }, - "phones": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "phones", - "nativeType": "object", - "type": "array", - }, - "primaryEmail": { - "nativeName": "primaryEmail", - "nativeType": "string", - "type": "string", - }, - "recoveryEmail": { - "nativeName": "recoveryEmail", - "nativeType": "string", - "type": "string", - }, - "recoveryPhone": { - "nativeName": "recoveryPhone", - "nativeType": "string", - "type": "string", - }, - "relations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "relations", - "nativeType": "object", - "type": "array", - }, - "suspended": { - "nativeName": "suspended", - "nativeType": "boolean", - "type": "boolean", - }, - "suspensionReason": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "suspensionReason", - "nativeType": "string", - "type": "string", - }, - "thumbnailPhotoUrl": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "thumbnailPhotoUrl", - "nativeType": "string", - "type": "string", - }, - }, - "type": "object", + "mapping": { + "mapping/seantestmapping": { + "_id": "mapping/seantestmapping", + "consentRequired": false, + "displayName": "seantestmapping", + "icon": null, + "name": "seantestmapping", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", }, + ], + "properties": [], + "source": "managed/assignment", + "target": "managed/organization", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/managedAssignment_managedUser.sync.json 1`] = ` +{ + "_id": "sync/managedAssignment_managedUser", + "consentRequired": false, + "displayName": "managedAssignment_managedUser", + "icon": null, + "name": "managedAssignment_managedUser", + "policies": [ + { + "action": { + "globals": {}, + "source": "//asdfasdf", + "type": "groovy", }, - "operationTimeout": { - "AUTHENTICATE": -1, - "CREATE": -1, - "DELETE": -1, - "GET": -1, - "RESOLVEUSERNAME": -1, - "SCHEMA": -1, - "SCRIPT_ON_CONNECTOR": -1, - "SCRIPT_ON_RESOURCE": -1, - "SEARCH": -1, - "SYNC": -1, - "TEST": -1, - "UPDATE": -1, - "VALIDATE": -1, + "situation": "AMBIGUOUS", + }, + { + "action": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "text/javascript", }, - "poolConfigOption": { - "maxIdle": 10, - "maxObjects": 10, - "maxWait": 150000, - "minEvictableIdleTimeMillis": 120000, - "minIdle": 1, + "condition": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "groovy", }, - "resultsHandlerConfig": { - "enableAttributesToGetSearchResultsHandler": true, - "enableCaseInsensitiveFilter": false, - "enableFilteredResultsHandler": false, - "enableNormalizingResultsHandler": false, + "postAction": { + "globals": {}, + "source": "//asdfasdf", + "type": "text/javascript", }, + "situation": "SOURCE_MISSING", }, - }, - "meta": Any, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "text/javascript", + }, + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "source": "managed/assignment", + "syncAfter": [ + "managedOrganization_managedRole", + "managedOrganization_managedSeantestmanagedobject", + ], + "target": "managed/user", } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/repo.ds.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/managedOrganization_managedRole.sync.json 1`] = ` { - "idm": { - "repo.ds": { - "_id": "repo.ds", - "commands": { - "delete-mapping-links": { - "_queryFilter": "/linkType eq "\${mapping}"", - "operation": "DELETE", - }, - "delete-target-ids-for-recon": { - "_queryFilter": "/reconId eq "\${reconId}"", - "operation": "DELETE", - }, + "_id": "sync/managedOrganization_managedRole", + "consentRequired": false, + "displayName": "managedOrganization_managedRole", + "icon": null, + "name": "managedOrganization_managedRole", + "policies": [ + { + "action": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", }, - "embedded": false, - "ldapConnectionFactories": { - "bind": { - "availabilityCheckIntervalSeconds": 30, - "availabilityCheckTimeoutMilliSeconds": 10000, - "connectionPoolSize": 50, - "connectionSecurity": "none", - "heartBeatIntervalSeconds": 60, - "heartBeatTimeoutMilliSeconds": 10000, - "primaryLdapServers": [ - { - "hostname": "userstore-0.userstore", - "port": 1389, - }, - ], - "secondaryLdapServers": [ - { - "hostname": "userstore-2.userstore", - "port": 1389, - }, - ], - }, - "root": { - "authentication": { - "simple": { - "bindDn": "uid=admin", - "bindPassword": "&{userstore.password}", - }, - }, - "inheritFrom": "bind", - }, + "situation": "AMBIGUOUS", + }, + { + "action": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", }, - "maxConnectionAttempts": 5, - "queries": { - "explicit": { - "credential-internaluser-query": { - "_queryFilter": "/_id eq "\${username}"", - }, - "credential-query": { - "_queryFilter": "/userName eq "\${username}"", - }, - "for-userName": { - "_queryFilter": "/userName eq "\${uid}"", - }, - "links-for-firstId": { - "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", - }, - "links-for-linkType": { - "_queryFilter": "/linkType eq "\${linkType}"", - }, - "query-all": { - "_queryFilter": "true", - }, - "query-all-ids": { - "_fields": "_id,_rev", - "_queryFilter": "true", - }, - }, - "generic": { - "credential-internaluser-query": { - "_queryFilter": "/_id eq "\${username}"", - }, - "credential-query": { - "_queryFilter": "/userName eq "\${username}"", - }, - "find-relationship-edges": { - "_queryFilter": "((/firstResourceCollection eq "\${firstResourceCollection}" and /firstResourceId eq "\${firstResourceId}" and /firstPropertyName eq "\${firstPropertyName}") and (/secondResourceCollection eq "\${secondResourceCollection}" and /secondResourceId eq "\${secondResourceId}" and /secondPropertyName eq "\${secondPropertyName}")) or ((/firstResourceCollection eq "\${secondResourceCollection}" and /firstResourceId eq "\${secondResourceId}" and /firstPropertyName eq "\${secondPropertyName}") and (/secondResourceCollection eq "\${firstResourceCollection}" and /secondResourceId eq "\${firstResourceId}" and /secondPropertyName eq "\${firstPropertyName}"))", - }, - "find-relationships-for-resource": { - "_queryFilter": "(/firstResourceCollection eq "\${resourceCollection}" and /firstResourceId eq "\${resourceId}" and /firstPropertyName eq "\${propertyName}") or (/secondResourceCollection eq "\${resourceCollection}" and /secondResourceId eq "\${resourceId}" and /secondPropertyName eq "\${propertyName}")", - }, - "for-userName": { - "_queryFilter": "/userName eq "\${uid}"", - }, - "get-by-field-value": { - "_queryFilter": "/\${field} eq "\${value}"", - }, - "get-notifications-for-user": { - "_queryFilter": "/receiverId eq "\${userId}"", - "_sortKeys": "-createDate", - }, - "get-recons": { - "_fields": "reconId,mapping,activitydate", - "_queryFilter": "/entryType eq "summary"", - "_sortKeys": "-activitydate", - }, - "links-for-firstId": { - "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", - }, - "links-for-linkType": { - "_queryFilter": "/linkType eq "\${linkType}"", - }, - "query-all": { - "_queryFilter": "true", - }, - "query-all-ids": { - "_fields": "_id,_rev", - "_queryFilter": "true", - }, - "query-cluster-events": { - "_queryFilter": "/instanceId eq "\${instanceId}"", - }, - "query-cluster-failed-instances": { - "_queryFilter": "/timestamp le \${timestamp} and (/state eq "1" or /state eq "2")", - }, - "query-cluster-instances": { - "_queryFilter": "true", - }, - "query-cluster-running-instances": { - "_queryFilter": "/state eq 1", - }, - }, + "condition": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", }, - "resourceMapping": { - "defaultMapping": { - "dnTemplate": "ou=generic,dc=openidm,dc=example,dc=com", + "situation": "SOURCE_MISSING", + }, + { + "action": { + "globals": {}, + "source": "//seantest", + "type": "groovy", + }, + "postAction": { + "globals": {}, + "source": "//seantest", + "type": "groovy", + }, + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "source": "managed/organization", + "syncAfter": [], + "target": "managed/role", +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/managedOrganization_managedSeantestmanagedobject.sync.json 1`] = ` +{ + "_id": "sync/managedOrganization_managedSeantestmanagedobject", + "consentRequired": false, + "displayName": "managedOrganization_managedSeantestmanagedobject", + "icon": null, + "name": "managedOrganization_managedSeantestmanagedobject", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/organization", + "syncAfter": [ + "managedOrganization_managedRole", + ], + "target": "managed/seantestmanagedobject", +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/managedSeantestmanagedobject_managedUser.sync.json 1`] = ` +{ + "_id": "sync/managedSeantestmanagedobject_managedUser", + "consentRequired": false, + "displayName": "managedSeantestmanagedobject_managedUser", + "icon": null, + "name": "managedSeantestmanagedobject_managedUser", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/seantestmanagedobject", + "syncAfter": [ + "managedOrganization_managedRole", + "managedOrganization_managedSeantestmanagedobject", + "managedAssignment_managedUser", + "seantestmapping", + ], + "target": "managed/user", +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/seantestmapping.sync.json 1`] = ` +{ + "_id": "sync/seantestmapping", + "consentRequired": false, + "displayName": "seantestmapping", + "icon": null, + "name": "seantestmapping", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/assignment", + "syncAfter": [ + "managedOrganization_managedRole", + "managedOrganization_managedSeantestmanagedobject", + "managedAssignment_managedUser", + ], + "target": "managed/organization", +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/sync.idm.json 1`] = ` +{ + "idm": { + "sync": { + "_id": "sync", + "mappings": [ + "file://managedOrganization_managedRole.sync.json", + "file://managedOrganization_managedSeantestmanagedobject.sync.json", + "file://managedAssignment_managedUser.sync.json", + "file://seantestmapping.sync.json", + "file://managedSeantestmanagedobject_managedUser.sync.json", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate 1`] = `""`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoEmailVerification.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "baselineDemoEmailVerification": { + "_id": "emailTemplate/baselineDemoEmailVerification", + "defaultLocale": "en", + "displayName": "Baseline Demo Email Verification", + "enabled": true, + "from": "security@example.com", + "html": { + "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verification for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "message": { + "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verfication for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #f6f6f6; + color: #455469; + padding: 60px; + text-align: center +} + a { + text-decoration: none; + color: #109cf1; +} + h1 { + font-size: 40px; + text-align: center; +} + h2 { + font-size: 36px; +} + h3 { + font-size: 32px; +} + h4 { + font-size: 28px; +} + h5 { + font-size: 24px; +} + h6 { + font-size: 20px; +} + .content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 600px +} + .button { + background-color: #109cf1; + border: none; + color: white; + padding: 15px 32px; + text-align: center; + text-decoration: none; + display: inline-block; + font-size: 16px; +} + ", + "subject": { + "en": "Please verify your email address", + }, + "templateId": "baselineDemoEmailVerification", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoMagicLink.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "baselineDemoMagicLink": { + "_id": "emailTemplate/baselineDemoMagicLink", + "defaultLocale": "en", + "displayName": "Baseline Demo Magic Link", + "enabled": true, + "from": "security@example.com", + "html": { + "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "message": { + "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #f6f6f6; + color: #455469; + padding: 60px; + text-align: center +} + a { + text-decoration: none; + color: #109cf1; +} + h1 { + font-size: 40px; + text-align: center; +} + h2 { + font-size: 36px; +} + h3 { + font-size: 32px; +} + h4 { + font-size: 28px; +} + h5 { + font-size: 24px; +} + h6 { + font-size: 20px; +} + .content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 600px +} + .button { + background-color: #109cf1; + border: none; + color: white; + padding: 15px 32px; + text-align: center; + text-decoration: none; + display: inline-block; + font-size: 16px; +} + ", + "subject": { + "en": "Your sign-in link", + }, + "templateId": "baselineDemoMagicLink", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/forgottenUsername.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "forgottenUsername": { + "_id": "emailTemplate/forgottenUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", + }, + "message": { + "en": "

{{#if object.userName}}Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "
{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Account Information - username", + "fr": "Informations sur le compte - nom d'utilisateur", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frEmailUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frEmailUpdated": { + "_id": "emailTemplate/frEmailUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account email has changed

Your ForgeRock Identity Cloud email has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your email has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frForgotUsername.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frForgotUsername": { + "_id": "emailTemplate/frForgotUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Forgot your username?

Your username is {{ object.userName }}.

Sign In to Your Account

If you didn't request this, please ignore this email.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Forgot Username", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frOnboarding.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frOnboarding": { + "_id": "emailTemplate/frOnboarding", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account is ready

Your ForgeRock Identity Cloud account is ready. Click the button below to complete registration and access your environment.

Complete Registration

If you did not request this account, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Complete your ForgeRock Identity Cloud registration", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frPasswordUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frPasswordUpdated": { + "_id": "emailTemplate/frPasswordUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account password has changed

Your ForgeRock Identity Cloud password has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your password has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frProfileUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frProfileUpdated": { + "_id": "emailTemplate/frProfileUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account profile has changed

Your ForgeRock Identity Cloud profile has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your profile has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frResetPassword.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frResetPassword": { + "_id": "emailTemplate/frResetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Reset your password

It seems you have forgotten the password for your ForgeRock Identity Cloud account. Click the button below to reset your password and access your environment.

Reset Password

If you did not request to reset your password, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frUsernameUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frUsernameUpdated": { + "_id": "emailTemplate/frUsernameUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account username has changed

Your ForgeRock Identity Cloud username has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your username has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/idv.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "idv": { + "_id": "emailTemplate/idv", + "defaultLocale": "en", + "description": "Identity Verification Invitation", + "displayName": "idv", + "enabled": true, + "from": "", + "html": { + "en": "

Click the link below to verify your identity:

Verify my identity now

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "message": { + "en": "

Click the link below to verify your identity:

Verify my identity now

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "mimeType": "text/html", + "name": "registration", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "You have been invited to verify your identity", + "fr": "Créer un nouveau compte", + }, + "templateId": "idv", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/joiner.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "joiner": { + "_id": "emailTemplate/joiner", + "advancedEditor": true, + "defaultLocale": "en", + "description": "This email will be sent onCreate of user to the external eMail address provided during creation. An OTP will also be sent to Telephone Number provided during creation to validate the user. The user will then be able to set their password and ForgeRock Push Authenticator", + "displayName": "Joiner", + "enabled": true, + "from": ""Encore HR" ", + "html": { + "en": "", + }, + "message": { + "en": " + + +
+

+ +

+

Welcome to Encore {{object.givenName}} {{object.sn}}

+

Please click on the link below to validate your phone number with a One Time Code that will be sent via SMS or called to you depending on your phone type.

+

You will see your UserName and have the ability to set your password that will be used to login to Encore resources.

+

As we believe in enhanced security, you will also be setting up a Push Notification for future use.

+ Click to Join Encore +
+ +", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #324054; + color: #455469; + padding: 60px; + text-align: center +} + a { + text-decoration: none; + color: #109cf1; +} + .content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 235px +} + ", + "subject": { + "en": "Welcome to Encore!", + }, + "templateId": "joiner", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registerPasswordlessDevice.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "registerPasswordlessDevice": { + "_id": "emailTemplate/registerPasswordlessDevice", + "defaultLocale": "en", + "description": "", + "displayName": "Register Passwordless Device", + "enabled": true, + "from": ""ForgeRock Identity Cloud" ", + "html": { + "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "message": { + "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #324054; + color: #455469; + padding: 60px; + text-align: center +} + +a { + text-decoration: none; + color: #109cf1; +} + +.content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 235px +} +", + "subject": { + "en": "Your magic link is here - register new WebAuthN device", + }, + "templateId": "registerPasswordlessDevice", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registration.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "registration": { + "_id": "emailTemplate/registration", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "message": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Register new account", + "fr": "Créer un nouveau compte", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/resetPassword.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "resetPassword": { + "_id": "emailTemplate/resetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Click to reset your password

Password reset link

", + "fr": "

Cliquez pour réinitialiser votre mot de passe

Mot de passe lien de réinitialisation

", + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password", + "fr": "Réinitialisez votre mot de passe", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/updatePassword.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "updatePassword": { + "_id": "emailTemplate/updatePassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "

Verify email to update password

Update password link

", + }, + "message": { + "en": "

Verify email to update password

Update password link

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Update your password", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/welcome.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "welcome": { + "_id": "emailTemplate/welcome", + "defaultLocale": "en", + "displayName": "Welcome", + "enabled": true, + "from": "", + "html": { + "en": "

Welcome. Your username is '{{object.userName}}'.

", + }, + "message": { + "en": "

Welcome. Your username is '{{object.userName}}'.

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Your account has been created", + }, + "templateId": "welcome", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/access.idm.json 1`] = ` +{ + "idm": { + "access": { + "_id": "access", + "configs": [ + { + "actions": "*", + "methods": "read", + "pattern": "info/*", + "roles": "*", }, - "explicitMapping": { - "clusteredrecontargetids": { - "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=example,dc=com", - "objectClasses": [ - "uidObject", - "fr-idm-recon-clusteredTargetIds", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "uid", - "type": "simple", - "writability": "createOnly", - }, - "reconId": { - "ldapAttribute": "fr-idm-recon-id", - "type": "simple", - }, - "targetIds": { - "ldapAttribute": "fr-idm-recon-targetIds", - "type": "json", - }, - }, - }, - "dsconfig/attributeValue": { - "dnTemplate": "cn=Password Validators,cn=config", - "objectClasses": [ - "ds-cfg-password-validator", - "ds-cfg-attribute-value-password-validator", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "checkSubstrings": { - "ldapAttribute": "ds-cfg-check-substrings", - "type": "simple", - }, - "enabled": { - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "javaClass": { - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "matchAttribute": { - "isMultiValued": true, - "ldapAttribute": "ds-cfg-match-attribute", - "type": "simple", - }, - "minSubstringLength": { - "ldapAttribute": "ds-cfg-min-substring-length", - "type": "simple", - }, - "testReversedPassword": { - "isRequired": true, - "ldapAttribute": "ds-cfg-test-reversed-password", - "type": "simple", - }, - }, - }, - "dsconfig/characterSet": { - "dnTemplate": "cn=Password Validators,cn=config", - "objectClasses": [ - "ds-cfg-password-validator", - "ds-cfg-character-set-password-validator", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "allowUnclassifiedCharacters": { - "isRequired": true, - "ldapAttribute": "ds-cfg-allow-unclassified-characters", - "type": "simple", - }, - "characterSet": { - "isMultiValued": true, - "ldapAttribute": "ds-cfg-character-set", - "type": "simple", - }, - "enabled": { - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "javaClass": { - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "minCharacterSets": { - "ldapAttribute": "ds-cfg-min-character-sets", - "type": "simple", - }, - }, - }, - "dsconfig/dictionary": { - "dnTemplate": "cn=Password Validators,cn=config", - "objectClasses": [ - "ds-cfg-password-validator", - "ds-cfg-dictionary-password-validator", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "caseSensitiveValidation": { - "isRequired": true, - "ldapAttribute": "ds-cfg-case-sensitive-validation", - "type": "simple", - }, - "checkSubstrings": { - "ldapAttribute": "ds-cfg-check-substrings", - "type": "simple", - }, - "dictionaryFile": { - "isRequired": true, - "ldapAttribute": "ds-cfg-dictionary-file", - "type": "simple", - }, - "enabled": { - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "javaClass": { - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "minSubstringLength": { - "ldapAttribute": "ds-cfg-min-substring-length", - "type": "simple", - }, - "testReversedPassword": { - "isRequired": true, - "ldapAttribute": "ds-cfg-test-reversed-password", - "type": "simple", - }, - }, - }, - "dsconfig/lengthBased": { - "dnTemplate": "cn=Password Validators,cn=config", - "objectClasses": [ - "ds-cfg-password-validator", - "ds-cfg-length-based-password-validator", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "enabled": { - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "javaClass": { - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "maxPasswordLength": { - "ldapAttribute": "ds-cfg-max-password-length", - "type": "simple", - }, - "minPasswordLength": { - "ldapAttribute": "ds-cfg-min-password-length", - "type": "simple", - }, - }, - }, - "dsconfig/passwordPolicies": { - "dnTemplate": "cn=Password Policies,cn=config", - "objectClasses": [ - "ds-cfg-password-policy", - "ds-cfg-authentication-policy", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "allowPreEncodedPasswords": { - "ldapAttribute": "ds-cfg-allow-pre-encoded-passwords", - "type": "simple", - }, - "defaultPasswordStorageScheme": { - "isMultiValued": true, - "isRequired": true, - "ldapAttribute": "ds-cfg-default-password-storage-scheme", - "type": "simple", - }, - "deprecatedPasswordStorageScheme": { - "isMultiValued": true, - "ldapAttribute": "ds-cfg-deprecated-password-storage-scheme", - "type": "simple", - }, - "maxPasswordAge": { - "ldapAttribute": "ds-cfg-max-password-age", - "type": "simple", - }, - "passwordAttribute": { - "isRequired": true, - "ldapAttribute": "ds-cfg-password-attribute", - "type": "simple", - }, - "passwordHistoryCount": { - "ldapAttribute": "ds-cfg-password-history-count", - "type": "simple", - }, - "validator": { - "isMultiValued": true, - "ldapAttribute": "ds-cfg-password-validator", - "type": "simple", - }, + { + "actions": "login,logout", + "methods": "read,action", + "pattern": "authentication", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/fidc/*", + "roles": "*", + }, + { + "actions": "*", + "methods": "*", + "pattern": "config/fidc/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/themeconfig", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/themerealm", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/uilocale/*", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/fieldPolicy/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "read", + "pattern": "info/uiconfig", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/dashboard", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "query", + "pattern": "info/features", + "roles": "*", + }, + { + "actions": "listPrivileges", + "methods": "action", + "pattern": "privilege", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "privilege/*", + "roles": "*", + }, + { + "actions": "validate", + "methods": "action", + "pattern": "util/validateQueryFilter", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled('kba')", + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "excludePatterns": "repo,repo/*", + "methods": "*", + "pattern": "*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "", + "methods": "create,read,update,delete,patch,query", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "methods": "script", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "test,testConfig,createconfiguration,liveSync,authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "command", + "customAuthz": "request.additionalParameters.commandId === 'delete-mapping-links'", + "methods": "action", + "pattern": "repo/link", + "roles": "internal/role/openidm-admin", + }, + { + "methods": "create,read,query,patch", + "pattern": "managed/*", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read,query", + "pattern": "internal/role/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "create,read,action,update", + "pattern": "profile/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "selfservice/terms", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "identityProviders", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "sendTemplate", + "methods": "action", + "pattern": "external/email", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "bind,unbind", + "customAuthz": "ownDataOnly()", + "methods": "read,action,delete", + "pattern": "*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', [])", + "methods": "update,patch,action", + "pattern": "*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "patch", + "customAuthz": "(request.resourcePath === 'selfservice/user/' + context.security.authorization.id) && onlyEditableManagedObjectProperties('user', [])", + "methods": "patch,action", + "pattern": "selfservice/user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "patch", + "customAuthz": "isQueryOneOf({'managed/user': ['for-userName']}) && restrictPatchToFields(['password'])", + "methods": "patch,action", + "pattern": "managed/user", + "roles": "internal/role/openidm-cert", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_meta', false)", + "methods": "read", + "pattern": "internal/usermeta/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_notifications', true)", + "methods": "read,delete", + "pattern": "internal/notification/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "", + "customAuthz": "ownDataOnly()", + "methods": "read,delete", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('alpha_user', [])", + "methods": "update,patch,action", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "", + "customAuthz": "ownDataOnly()", + "methods": "read,delete", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('bravo_user', [])", + "methods": "update,patch,action", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "deleteNotificationsForTarget", + "customAuthz": "request.additionalParameters.target === (context.security.authorization.component + '/' + context.security.authorization.id)", + "methods": "action", + "pattern": "notification", + "roles": "internal/role/openidm-authorized", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/alphaOrgPrivileges.idm.json 1`] = ` +{ + "idm": { + "alphaOrgPrivileges": { + "_id": "alphaOrgPrivileges", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, }, - }, - "dsconfig/repeatedCharacters": { - "dnTemplate": "cn=Password Validators,cn=config", - "objectClasses": [ - "ds-cfg-password-validator", - "ds-cfg-repeated-characters-password-validator", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "caseSensitiveValidation": { - "isRequired": true, - "ldapAttribute": "ds-cfg-case-sensitive-validation", - "type": "simple", - }, - "enabled": { - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "javaClass": { - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "maxConsecutiveLength": { - "isRequired": true, - "ldapAttribute": "ds-cfg-max-consecutive-length", - "type": "simple", - }, + { + "attribute": "description", + "readOnly": false, }, - }, - "dsconfig/similarityBased": { - "dnTemplate": "cn=Password Validators,cn=config", - "objectClasses": [ - "ds-cfg-password-validator", - "ds-cfg-similarity-based-password-validator", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "enabled": { - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "javaClass": { - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "minPasswordDifference": { - "isRequired": true, - "ldapAttribute": "ds-cfg-min-password-difference", - "type": "simple", - }, + { + "attribute": "owners", + "readOnly": true, }, - }, - "dsconfig/uniqueCharacters": { - "dnTemplate": "cn=Password Validators,cn=config", - "objectClasses": [ - "ds-cfg-password-validator", - "ds-cfg-unique-characters-password-validator", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "caseSensitiveValidation": { - "isRequired": true, - "ldapAttribute": "ds-cfg-case-sensitive-validation", - "type": "simple", - }, - "enabled": { - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "javaClass": { - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "minUniqueCharacters": { - "isRequired": true, - "ldapAttribute": "ds-cfg-min-unique-characters", - "type": "simple", - }, + { + "attribute": "admins", + "readOnly": false, }, - }, - "dsconfig/userDefinedVirtualAttribute": { - "dnTemplate": "cn=Virtual Attributes,cn=config", - "objectClasses": [ - "ds-cfg-user-defined-virtual-attribute", - "ds-cfg-virtual-attribute", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "attributeType": { - "isRequired": true, - "ldapAttribute": "ds-cfg-attribute-type", - "type": "simple", - }, - "baseDn": { - "isMultiValued": true, - "ldapAttribute": "ds-cfg-base-dn", - "type": "simple", - }, - "conflictBehavior": { - "ldapAttribute": "ds-cfg-conflict-behavior", - "type": "simple", - }, - "enabled": { - "isRequired": true, - "ldapAttribute": "ds-cfg-enabled", - "type": "simple", - }, - "filter": { - "isMultiValued": true, - "ldapAttribute": "ds-cfg-filter", - "type": "simple", - }, - "groupDn": { - "ldapAttribute": "ds-cfg-group-dn", - "type": "simple", - }, - "javaClass": { - "isRequired": true, - "ldapAttribute": "ds-cfg-java-class", - "type": "simple", - }, - "scope": { - "ldapAttribute": "ds-cfg-scope", - "type": "simple", - }, - "value": { - "isMultiValued": true, - "isRequired": true, - "ldapAttribute": "ds-cfg-value", - "type": "simple", - }, + { + "attribute": "members", + "readOnly": false, }, - }, - "identities/admin": { - "dnTemplate": "o=root,ou=identities", - "isReadOnly": true, - "namingStrategy": { - "dnAttribute": "ou", - "type": "clientDnNaming", + { + "attribute": "parent", + "readOnly": false, }, - "objectClasses": [ - "organizationalunit", - ], - "properties": { - "_id": { - "ldapAttribute": "ou", - "primaryKey": true, - "type": "simple", - }, - "count": { - "isRequired": true, - "ldapAttribute": "numSubordinates", - "type": "simple", - "writability": "readOnly", - }, + { + "attribute": "children", + "readOnly": false, }, - }, - "identities/alpha": { - "dnTemplate": "o=alpha,o=root,ou=identities", - "isReadOnly": true, - "namingStrategy": { - "dnAttribute": "ou", - "type": "clientDnNaming", + { + "attribute": "parentIDs", + "readOnly": true, }, - "objectClasses": [ - "organizationalunit", - ], - "properties": { - "_id": { - "ldapAttribute": "ou", - "primaryKey": true, - "type": "simple", - }, - "count": { - "isRequired": true, - "ldapAttribute": "numSubordinates", - "type": "simple", - "writability": "readOnly", - }, + { + "attribute": "adminIDs", + "readOnly": true, }, - }, - "identities/bravo": { - "dnTemplate": "o=bravo,o=root,ou=identities", - "isReadOnly": true, - "namingStrategy": { - "dnAttribute": "ou", - "type": "clientDnNaming", + { + "attribute": "parentAdminIDs", + "readOnly": true, }, - "objectClasses": [ - "organizationalunit", - ], - "properties": { - "_id": { - "ldapAttribute": "ou", - "primaryKey": true, - "type": "simple", - }, - "count": { - "isRequired": true, - "ldapAttribute": "numSubordinates", - "type": "simple", - "writability": "readOnly", - }, + { + "attribute": "ownerIDs", + "readOnly": true, }, - }, - "internal/role": { - "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=example,dc=com", - "objectClasses": [ - "fr-idm-internal-role", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", - }, - "authzMembers": { - "isMultiValued": true, - "propertyName": "authzRoles", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, - "condition": { - "ldapAttribute": "fr-idm-condition", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "name": { - "ldapAttribute": "fr-idm-name", - "type": "simple", - }, - "privileges": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-privilege", - "type": "json", - }, - "temporalConstraints": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-temporal-constraints", - "type": "json", - }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, }, - }, - "internal/user": { - "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=example,dc=com", - "objectClasses": [ - "uidObject", - "fr-idm-internal-user", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "uid", - "type": "simple", - "writability": "createOnly", - }, - "password": { - "ldapAttribute": "fr-idm-password", - "type": "json", - }, + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, }, - }, - "link": { - "dnTemplate": "ou=links,dc=openidm,dc=example,dc=com", - "objectClasses": [ - "uidObject", - "fr-idm-link", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "uid", - "type": "simple", - "writability": "createOnly", - }, - "firstId": { - "ldapAttribute": "fr-idm-link-firstId", - "type": "simple", - }, - "linkQualifier": { - "ldapAttribute": "fr-idm-link-qualifier", - "type": "simple", - }, - "linkType": { - "ldapAttribute": "fr-idm-link-type", - "type": "simple", - }, - "secondId": { - "ldapAttribute": "fr-idm-link-secondId", - "type": "simple", - }, + { + "attribute": "description", + "readOnly": false, }, - }, - "locks": { - "dnTemplate": "ou=locks,dc=openidm,dc=example,dc=com", - "objectClasses": [ - "uidObject", - "fr-idm-lock", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "uid", - "type": "simple", - "writability": "createOnly", - }, - "nodeId": { - "ldapAttribute": "fr-idm-lock-nodeid", - "type": "simple", - }, + { + "attribute": "owners", + "readOnly": true, }, - }, - "managed/teammember": { - "dnTemplate": "ou=people,o=root,ou=identities", - "namingStrategy": { - "dnAttribute": "fr-idm-uuid", - "type": "clientDnNaming", + { + "attribute": "admins", + "readOnly": false, }, - "nativeId": false, - "objectClasses": [ - "person", - "organizationalPerson", - "inetOrgPerson", - "fraas-admin", - "iplanet-am-user-service", - "deviceProfilesContainer", - "devicePrintProfilesContainer", - "kbaInfoContainer", - "fr-idm-managed-user-explicit", - "forgerock-am-dashboard-service", - "inetuser", - "iplanet-am-auth-configuration-service", - "iplanet-am-managed-person", - "iPlanetPreferences", - "oathDeviceProfilesContainer", - "pushDeviceProfilesContainer", - "sunAMAuthAccountLockout", - "sunFMSAML2NameIdentifier", - "webauthnDeviceProfilesContainer", - "fr-idm-hybrid-obj", - ], - "properties": { - "_id": { - "ldapAttribute": "fr-idm-uuid", - "primaryKey": true, - "type": "simple", - }, - "_meta": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-meta", - "primaryKey": "uid", - "resourcePath": "managed/teammembermeta", - "type": "reference", - }, - "accountStatus": { - "ldapAttribute": "inetUserStatus", - "type": "simple", - }, - "cn": { - "ldapAttribute": "cn", - "type": "simple", - }, - "givenName": { - "ldapAttribute": "givenName", - "type": "simple", - }, - "inviteDate": { - "ldapAttribute": "fr-idm-inviteDate", - "type": "simple", - }, - "jurisdiction": { - "ldapAttribute": "fr-idm-jurisdiction", - "type": "simple", - }, - "mail": { - "ldapAttribute": "mail", - "type": "simple", - }, - "onboardDate": { - "ldapAttribute": "fr-idm-onboardDate", - "type": "simple", - }, - "password": { - "ldapAttribute": "userPassword", - "type": "simple", - }, - "sn": { - "ldapAttribute": "sn", - "type": "simple", - }, - "userName": { - "ldapAttribute": "uid", - "type": "simple", - }, + { + "attribute": "members", + "readOnly": false, }, - }, - "managed/teammembergroup": { - "dnTemplate": "ou=groups,o=root,ou=identities", - "objectClasses": [ - "groupofuniquenames", - ], - "properties": { - "_id": { - "ldapAttribute": "cn", - "primaryKey": true, - "type": "simple", - }, - "members": { - "isMultiValued": true, - "ldapAttribute": "uniqueMember", - "type": "simple", - }, + { + "attribute": "parent", + "readOnly": false, }, - }, - "recon/assoc": { - "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=example,dc=com", - "namingStrategy": { - "dnAttribute": "fr-idm-reconassoc-reconid", - "type": "clientDnNaming", + { + "attribute": "children", + "readOnly": false, }, - "objectClasses": [ - "fr-idm-reconassoc", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "fr-idm-reconassoc-reconid", - "type": "simple", - }, - "finishTime": { - "ldapAttribute": "fr-idm-reconassoc-finishtime", - "type": "simple", - }, - "isAnalysis": { - "ldapAttribute": "fr-idm-reconassoc-isanalysis", - "type": "simple", - }, - "mapping": { - "ldapAttribute": "fr-idm-reconassoc-mapping", - "type": "simple", - }, - "sourceResourceCollection": { - "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", - "type": "simple", - }, - "targetResourceCollection": { - "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", - "type": "simple", - }, + { + "attribute": "parentIDs", + "readOnly": true, }, - "subResources": { - "entry": { - "namingStrategy": { - "dnAttribute": "uid", - "type": "clientDnNaming", - }, - "resource": "recon-assoc-entry", - "type": "collection", - }, + { + "attribute": "adminIDs", + "readOnly": true, }, - }, - "recon/assoc/entry": { - "objectClasses": [ - "uidObject", - "fr-idm-reconassocentry", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "uid", - "type": "simple", - }, - "action": { - "ldapAttribute": "fr-idm-reconassocentry-action", - "type": "simple", - }, - "ambiguousTargetObjectIds": { - "ldapAttribute": "fr-idm-reconassocentry-ambiguoustargetobjectids", - "type": "simple", - }, - "exception": { - "ldapAttribute": "fr-idm-reconassocentry-exception", - "type": "simple", - }, - "isAnalysis": { - "ldapAttribute": "fr-idm-reconassoc-isanalysis", - "type": "simple", - }, - "linkQualifier": { - "ldapAttribute": "fr-idm-reconassocentry-linkqualifier", - "type": "simple", - }, - "mapping": { - "ldapAttribute": "fr-idm-reconassoc-mapping", - "type": "simple", - }, - "message": { - "ldapAttribute": "fr-idm-reconassocentry-message", - "type": "simple", - }, - "messageDetail": { - "ldapAttribute": "fr-idm-reconassocentry-messagedetail", - "type": "simple", - }, - "phase": { - "ldapAttribute": "fr-idm-reconassocentry-phase", - "type": "simple", - }, - "reconId": { - "ldapAttribute": "fr-idm-reconassocentry-reconid", - "type": "simple", - }, - "situation": { - "ldapAttribute": "fr-idm-reconassocentry-situation", - "type": "simple", - }, - "sourceObjectId": { - "ldapAttribute": "fr-idm-reconassocentry-sourceObjectId", - "type": "simple", - }, - "sourceResourceCollection": { - "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", - "type": "simple", - }, - "status": { - "ldapAttribute": "fr-idm-reconassocentry-status", - "type": "simple", - }, - "targetObjectId": { - "ldapAttribute": "fr-idm-reconassocentry-targetObjectId", - "type": "simple", - }, - "targetResourceCollection": { - "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", - "type": "simple", - }, + { + "attribute": "parentAdminIDs", + "readOnly": true, }, - "resourceName": "recon-assoc-entry", - "subResourceRouting": [ - { - "prefix": "entry", - "template": "recon/assoc/{reconId}/entry", - }, - ], - }, - "sync/queue": { - "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=example,dc=com", - "objectClasses": [ - "uidObject", - "fr-idm-syncqueue", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "uid", - "type": "simple", - "writability": "createOnly", - }, - "context": { - "ldapAttribute": "fr-idm-syncqueue-context", - "type": "json", - }, - "createDate": { - "ldapAttribute": "fr-idm-syncqueue-createdate", - "type": "simple", - }, - "mapping": { - "ldapAttribute": "fr-idm-syncqueue-mapping", - "type": "simple", - }, - "newObject": { - "ldapAttribute": "fr-idm-syncqueue-newobject", - "type": "json", - }, - "nodeId": { - "ldapAttribute": "fr-idm-syncqueue-nodeid", - "type": "simple", - }, - "objectRev": { - "ldapAttribute": "fr-idm-syncqueue-objectRev", - "type": "simple", - }, - "oldObject": { - "ldapAttribute": "fr-idm-syncqueue-oldobject", - "type": "json", - }, - "remainingRetries": { - "ldapAttribute": "fr-idm-syncqueue-remainingretries", - "type": "simple", - }, - "resourceCollection": { - "ldapAttribute": "fr-idm-syncqueue-resourcecollection", - "type": "simple", - }, - "resourceId": { - "ldapAttribute": "fr-idm-syncqueue-resourceid", - "type": "simple", - }, - "state": { - "ldapAttribute": "fr-idm-syncqueue-state", - "type": "simple", - }, - "syncAction": { - "ldapAttribute": "fr-idm-syncqueue-syncaction", - "type": "simple", - }, + { + "attribute": "ownerIDs", + "readOnly": true, }, - }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "CREATE", + ], }, - "genericMapping": { - "cluster/*": { - "dnTemplate": "ou=cluster,dc=openidm,dc=example,dc=com", - "jsonAttribute": "fr-idm-cluster-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", - "objectClasses": [ - "uidObject", - "fr-idm-cluster-obj", - ], - }, - "config": { - "dnTemplate": "ou=config,dc=openidm,dc=example,dc=com", - }, - "file": { - "dnTemplate": "ou=file,dc=openidm,dc=example,dc=com", - }, - "internal/notification": { - "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=example,dc=com", - "jsonAttribute": "fr-idm-notification-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-notification", - ], - "properties": { - "target": { - "propertyName": "_notifications", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, }, - }, - "internal/usermeta": { - "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=example,dc=com", - "jsonAttribute": "fr-idm-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-generic-obj", - ], - "properties": { - "target": { - "propertyName": "_meta", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, + { + "attribute": "password", + "readOnly": false, }, - }, - "jsonstorage": { - "dnTemplate": "ou=jsonstorage,dc=openidm,dc=example,dc=com", - }, - "managed/*": { - "dnTemplate": "ou=managed,dc=openidm,dc=example,dc=com", - }, - "managed/alpha_group": { - "dnTemplate": "ou=groups,o=alpha,o=root,ou=identities", - "idGenerator": { - "propertyName": "name", - "type": "property", + { + "attribute": "givenName", + "readOnly": false, }, - "jsonAttribute": "fr-idm-managed-group-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "cn", - "type": "clientDnNaming", + { + "attribute": "sn", + "readOnly": false, }, - "nativeId": false, - "objectClasses": [ - "top", - "groupOfURLs", - "fr-idm-managed-group", - ], - "properties": { - "_id": { - "ldapAttribute": "cn", - "primaryKey": true, - "type": "simple", - "writability": "createOnly", - }, - "condition": { - "ldapAttribute": "fr-idm-managed-group-condition", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "members": { - "isMultiValued": true, - "propertyName": "groups", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, + { + "attribute": "mail", + "readOnly": false, }, - }, - "managed/alpha_organization": { - "dnTemplate": "ou=organization,o=alpha,o=root,ou=identities", - "jsonAttribute": "fr-idm-managed-organization-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-managed-organization", - "fr-ext-attrs", - ], - "properties": { - "_id": { - "ldapAttribute": "uid", - "type": "simple", - }, - "admins": { - "isMultiValued": true, - "propertyName": "adminOfOrg", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, - "children": { - "isMultiValued": true, - "propertyName": "parent", - "resourcePath": "managed/alpha_organization", - "type": "reverseReference", - }, - "members": { - "isMultiValued": true, - "propertyName": "memberOfOrg", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, - "name": { - "ldapAttribute": "fr-idm-managed-organization-name", - "type": "simple", - }, - "owners": { - "isMultiValued": true, - "propertyName": "ownerOfOrg", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, - "parent": { - "ldapAttribute": "fr-idm-managed-organization-parent", - "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", - "type": "reference", - }, + { + "attribute": "description", + "readOnly": false, }, - }, - "managed/alpha_role": { - "dnTemplate": "ou=role,o=alpha,o=root,ou=identities", - "jsonAttribute": "fr-idm-managed-role-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", - "objectClasses": [ - "uidObject", - "fr-idm-managed-role", - ], - "properties": { - "members": { - "isMultiValued": true, - "propertyName": "roles", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, + { + "attribute": "accountStatus", + "readOnly": false, }, - }, - "managed/alpha_user": { - "dnTemplate": "ou=user,o=alpha,o=root,ou=identities", - "jsonAttribute": "fr-idm-custom-attrs", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "fr-idm-uuid", - "type": "clientDnNaming", + { + "attribute": "telephoneNumber", + "readOnly": false, }, - "nativeId": false, - "objectClasses": [ - "person", - "organizationalPerson", - "inetOrgPerson", - "iplanet-am-user-service", - "devicePrintProfilesContainer", - "deviceProfilesContainer", - "kbaInfoContainer", - "fr-idm-managed-user-explicit", - "forgerock-am-dashboard-service", - "inetuser", - "iplanet-am-auth-configuration-service", - "iplanet-am-managed-person", - "iPlanetPreferences", - "oathDeviceProfilesContainer", - "pushDeviceProfilesContainer", - "sunAMAuthAccountLockout", - "sunFMSAML2NameIdentifier", - "webauthnDeviceProfilesContainer", - "fr-idm-hybrid-obj", - "fr-ext-attrs", - ], - "properties": { - "_id": { - "ldapAttribute": "fr-idm-uuid", - "primaryKey": true, - "type": "simple", - }, - "_meta": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-meta", - "primaryKey": "uid", - "resourcePath": "managed/alpha_usermeta", - "type": "reference", - }, - "_notifications": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-notifications", - "primaryKey": "uid", - "resourcePath": "internal/notification", - "type": "reference", - }, - "accountStatus": { - "ldapAttribute": "inetUserStatus", - "type": "simple", - }, - "adminOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-admin", - "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", - "type": "reference", - }, - "aliasList": { - "isMultiValued": true, - "ldapAttribute": "iplanet-am-user-alias-list", - "type": "simple", - }, - "assignedDashboard": { - "isMultiValued": true, - "ldapAttribute": "assignedDashboard", - "type": "simple", - }, - "authzRoles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", - "primaryKey": "cn", - "resourcePath": "internal/role", - "type": "reference", - }, - "city": { - "ldapAttribute": "l", - "type": "simple", - }, - "cn": { - "ldapAttribute": "cn", - "type": "simple", - }, - "consentedMappings": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-consentedMapping", - "type": "json", - }, - "country": { - "ldapAttribute": "co", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "displayName": { - "ldapAttribute": "displayName", - "type": "simple", - }, - "effectiveAssignments": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveAssignment", - "type": "json", - }, - "effectiveGroups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveGroup", - "type": "json", - }, - "effectiveRoles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveRole", - "type": "json", - }, - "frIndexedDate1": { - "ldapAttribute": "fr-attr-idate1", - "type": "simple", - }, - "frIndexedDate2": { - "ldapAttribute": "fr-attr-idate2", - "type": "simple", - }, - "frIndexedDate3": { - "ldapAttribute": "fr-attr-idate3", - "type": "simple", - }, - "frIndexedDate4": { - "ldapAttribute": "fr-attr-idate4", - "type": "simple", - }, - "frIndexedDate5": { - "ldapAttribute": "fr-attr-idate5", - "type": "simple", - }, - "frIndexedInteger1": { - "ldapAttribute": "fr-attr-iint1", - "type": "simple", - }, - "frIndexedInteger2": { - "ldapAttribute": "fr-attr-iint2", - "type": "simple", - }, - "frIndexedInteger3": { - "ldapAttribute": "fr-attr-iint3", - "type": "simple", - }, - "frIndexedInteger4": { - "ldapAttribute": "fr-attr-iint4", - "type": "simple", - }, - "frIndexedInteger5": { - "ldapAttribute": "fr-attr-iint5", - "type": "simple", - }, - "frIndexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti1", - "type": "simple", - }, - "frIndexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti2", - "type": "simple", - }, - "frIndexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti3", - "type": "simple", - }, - "frIndexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti4", - "type": "simple", - }, - "frIndexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti5", - "type": "simple", - }, - "frIndexedString1": { - "ldapAttribute": "fr-attr-istr1", - "type": "simple", - }, - "frIndexedString2": { - "ldapAttribute": "fr-attr-istr2", - "type": "simple", - }, - "frIndexedString3": { - "ldapAttribute": "fr-attr-istr3", - "type": "simple", - }, - "frIndexedString4": { - "ldapAttribute": "fr-attr-istr4", - "type": "simple", - }, - "frIndexedString5": { - "ldapAttribute": "fr-attr-istr5", - "type": "simple", - }, - "frUnindexedDate1": { - "ldapAttribute": "fr-attr-date1", - "type": "simple", - }, - "frUnindexedDate2": { - "ldapAttribute": "fr-attr-date2", - "type": "simple", - }, - "frUnindexedDate3": { - "ldapAttribute": "fr-attr-date3", - "type": "simple", - }, - "frUnindexedDate4": { - "ldapAttribute": "fr-attr-date4", - "type": "simple", - }, - "frUnindexedDate5": { - "ldapAttribute": "fr-attr-date5", - "type": "simple", - }, - "frUnindexedInteger1": { - "ldapAttribute": "fr-attr-int1", - "type": "simple", - }, - "frUnindexedInteger2": { - "ldapAttribute": "fr-attr-int2", - "type": "simple", - }, - "frUnindexedInteger3": { - "ldapAttribute": "fr-attr-int3", - "type": "simple", - }, - "frUnindexedInteger4": { - "ldapAttribute": "fr-attr-int4", - "type": "simple", - }, - "frUnindexedInteger5": { - "ldapAttribute": "fr-attr-int5", - "type": "simple", - }, - "frUnindexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi1", - "type": "simple", - }, - "frUnindexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi2", - "type": "simple", - }, - "frUnindexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi3", - "type": "simple", - }, - "frUnindexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi4", - "type": "simple", - }, - "frUnindexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi5", - "type": "simple", - }, - "frUnindexedString1": { - "ldapAttribute": "fr-attr-str1", - "type": "simple", - }, - "frUnindexedString2": { - "ldapAttribute": "fr-attr-str2", - "type": "simple", - }, - "frUnindexedString3": { - "ldapAttribute": "fr-attr-str3", - "type": "simple", - }, - "frUnindexedString4": { - "ldapAttribute": "fr-attr-str4", - "type": "simple", - }, - "frUnindexedString5": { - "ldapAttribute": "fr-attr-str5", - "type": "simple", - }, - "givenName": { - "ldapAttribute": "givenName", - "type": "simple", - }, - "groups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-groups", - "primaryKey": "cn", - "resourcePath": "managed/alpha_group", - "type": "reference", - }, - "kbaInfo": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-kbaInfo", - "type": "json", - }, - "lastSync": { - "ldapAttribute": "fr-idm-lastSync", - "type": "json", - }, - "mail": { - "ldapAttribute": "mail", - "type": "simple", - }, - "manager": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-manager", - "primaryKey": "uid", - "resourcePath": "managed/alpha_user", - "type": "reference", - }, - "memberOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-member", - "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", - "type": "reference", - }, - "memberOfOrgIDs": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-memberoforgid", - "type": "simple", - }, - "ownerOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-owner", - "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", - "type": "reference", - }, - "password": { - "ldapAttribute": "userPassword", - "type": "simple", - }, - "postalAddress": { - "ldapAttribute": "street", - "type": "simple", - }, - "postalCode": { - "ldapAttribute": "postalCode", - "type": "simple", - }, - "preferences": { - "ldapAttribute": "fr-idm-preferences", - "type": "json", - }, - "profileImage": { - "ldapAttribute": "labeledURI", - "type": "simple", - }, - "reports": { - "isMultiValued": true, - "propertyName": "manager", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, - "roles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-roles", - "primaryKey": "uid", - "resourcePath": "managed/alpha_role", - "type": "reference", - }, - "sn": { - "ldapAttribute": "sn", - "type": "simple", - }, - "stateProvince": { - "ldapAttribute": "st", - "type": "simple", - }, - "telephoneNumber": { - "ldapAttribute": "telephoneNumber", - "type": "simple", - }, - "userName": { - "ldapAttribute": "uid", - "type": "simple", - }, + { + "attribute": "postalAddress", + "readOnly": false, }, - }, - "managed/alpha_usermeta": { - "dnTemplate": "ou=usermeta,o=alpha,o=root,ou=identities", - "jsonAttribute": "fr-idm-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-generic-obj", - ], - "properties": { - "target": { - "propertyName": "_meta", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, + { + "attribute": "city", + "readOnly": false, }, - }, - "managed/bravo_group": { - "dnTemplate": "ou=groups,o=bravo,o=root,ou=identities", - "idGenerator": { - "propertyName": "name", - "type": "property", + { + "attribute": "postalCode", + "readOnly": false, }, - "jsonAttribute": "fr-idm-managed-group-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "cn", - "type": "clientDnNaming", + { + "attribute": "country", + "readOnly": false, }, - "nativeId": false, - "objectClasses": [ - "top", - "groupOfURLs", - "fr-idm-managed-group", - ], - "properties": { - "_id": { - "ldapAttribute": "cn", - "primaryKey": true, - "type": "simple", - "writability": "createOnly", - }, - "condition": { - "ldapAttribute": "fr-idm-managed-group-condition", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "members": { - "isMultiValued": true, - "propertyName": "groups", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, + { + "attribute": "stateProvince", + "readOnly": false, }, - }, - "managed/bravo_organization": { - "dnTemplate": "ou=organization,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-managed-organization-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-managed-organization", - "fr-ext-attrs", - ], - "properties": { - "_id": { - "ldapAttribute": "uid", - "type": "simple", - }, - "admins": { - "isMultiValued": true, - "propertyName": "adminOfOrg", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "children": { - "isMultiValued": true, - "propertyName": "parent", - "resourcePath": "managed/bravo_organization", - "type": "reverseReference", - }, - "members": { - "isMultiValued": true, - "propertyName": "memberOfOrg", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "name": { - "ldapAttribute": "fr-idm-managed-organization-name", - "type": "simple", - }, - "owners": { - "isMultiValued": true, - "propertyName": "ownerOfOrg", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "parent": { - "ldapAttribute": "fr-idm-managed-organization-parent", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", - }, + { + "attribute": "roles", + "readOnly": false, }, - }, - "managed/bravo_role": { - "dnTemplate": "ou=role,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-managed-role-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", - "objectClasses": [ - "uidObject", - "fr-idm-managed-role", - ], - "properties": { - "members": { - "isMultiValued": true, - "propertyName": "roles", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, + { + "attribute": "groups", + "readOnly": false, }, - }, - "managed/bravo_user": { - "dnTemplate": "ou=user,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-custom-attrs", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "fr-idm-uuid", - "type": "clientDnNaming", + { + "attribute": "manager", + "readOnly": false, }, - "nativeId": false, - "objectClasses": [ - "person", - "organizationalPerson", - "inetOrgPerson", - "iplanet-am-user-service", - "devicePrintProfilesContainer", - "deviceProfilesContainer", - "kbaInfoContainer", - "fr-idm-managed-user-explicit", - "forgerock-am-dashboard-service", - "inetuser", - "iplanet-am-auth-configuration-service", - "iplanet-am-managed-person", - "iPlanetPreferences", - "oathDeviceProfilesContainer", - "pushDeviceProfilesContainer", - "sunAMAuthAccountLockout", - "sunFMSAML2NameIdentifier", - "webauthnDeviceProfilesContainer", - "fr-idm-hybrid-obj", - "fr-ext-attrs", - ], - "properties": { - "_id": { - "ldapAttribute": "fr-idm-uuid", - "primaryKey": true, - "type": "simple", - }, - "_meta": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-meta", - "primaryKey": "uid", - "resourcePath": "managed/bravo_usermeta", - "type": "reference", - }, - "_notifications": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-notifications", - "primaryKey": "uid", - "resourcePath": "internal/notification", - "type": "reference", - }, - "accountStatus": { - "ldapAttribute": "inetUserStatus", - "type": "simple", - }, - "adminOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-admin", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", - }, - "aliasList": { - "isMultiValued": true, - "ldapAttribute": "iplanet-am-user-alias-list", - "type": "simple", - }, - "assignedDashboard": { - "isMultiValued": true, - "ldapAttribute": "assignedDashboard", - "type": "simple", - }, - "authzRoles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", - "primaryKey": "cn", - "resourcePath": "internal/role", - "type": "reference", - }, - "city": { - "ldapAttribute": "l", - "type": "simple", - }, - "cn": { - "ldapAttribute": "cn", - "type": "simple", - }, - "consentedMappings": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-consentedMapping", - "type": "json", - }, - "country": { - "ldapAttribute": "co", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "displayName": { - "ldapAttribute": "displayName", - "type": "simple", - }, - "effectiveAssignments": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveAssignment", - "type": "json", - }, - "effectiveGroups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveGroup", - "type": "json", - }, - "effectiveRoles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveRole", - "type": "json", - }, - "frIndexedDate1": { - "ldapAttribute": "fr-attr-idate1", - "type": "simple", - }, - "frIndexedDate2": { - "ldapAttribute": "fr-attr-idate2", - "type": "simple", - }, - "frIndexedDate3": { - "ldapAttribute": "fr-attr-idate3", - "type": "simple", - }, - "frIndexedDate4": { - "ldapAttribute": "fr-attr-idate4", - "type": "simple", - }, - "frIndexedDate5": { - "ldapAttribute": "fr-attr-idate5", - "type": "simple", - }, - "frIndexedInteger1": { - "ldapAttribute": "fr-attr-iint1", - "type": "simple", - }, - "frIndexedInteger2": { - "ldapAttribute": "fr-attr-iint2", - "type": "simple", - }, - "frIndexedInteger3": { - "ldapAttribute": "fr-attr-iint3", - "type": "simple", - }, - "frIndexedInteger4": { - "ldapAttribute": "fr-attr-iint4", - "type": "simple", - }, - "frIndexedInteger5": { - "ldapAttribute": "fr-attr-iint5", - "type": "simple", - }, - "frIndexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti1", - "type": "simple", - }, - "frIndexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti2", - "type": "simple", - }, - "frIndexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti3", - "type": "simple", - }, - "frIndexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti4", - "type": "simple", - }, - "frIndexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti5", - "type": "simple", - }, - "frIndexedString1": { - "ldapAttribute": "fr-attr-istr1", - "type": "simple", - }, - "frIndexedString2": { - "ldapAttribute": "fr-attr-istr2", - "type": "simple", - }, - "frIndexedString3": { - "ldapAttribute": "fr-attr-istr3", - "type": "simple", - }, - "frIndexedString4": { - "ldapAttribute": "fr-attr-istr4", - "type": "simple", - }, - "frIndexedString5": { - "ldapAttribute": "fr-attr-istr5", - "type": "simple", - }, - "frUnindexedDate1": { - "ldapAttribute": "fr-attr-date1", - "type": "simple", - }, - "frUnindexedDate2": { - "ldapAttribute": "fr-attr-date2", - "type": "simple", - }, - "frUnindexedDate3": { - "ldapAttribute": "fr-attr-date3", - "type": "simple", - }, - "frUnindexedDate4": { - "ldapAttribute": "fr-attr-date4", - "type": "simple", - }, - "frUnindexedDate5": { - "ldapAttribute": "fr-attr-date5", - "type": "simple", - }, - "frUnindexedInteger1": { - "ldapAttribute": "fr-attr-int1", - "type": "simple", - }, - "frUnindexedInteger2": { - "ldapAttribute": "fr-attr-int2", - "type": "simple", - }, - "frUnindexedInteger3": { - "ldapAttribute": "fr-attr-int3", - "type": "simple", - }, - "frUnindexedInteger4": { - "ldapAttribute": "fr-attr-int4", - "type": "simple", - }, - "frUnindexedInteger5": { - "ldapAttribute": "fr-attr-int5", - "type": "simple", - }, - "frUnindexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi1", - "type": "simple", - }, - "frUnindexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi2", - "type": "simple", - }, - "frUnindexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi3", - "type": "simple", - }, - "frUnindexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi4", - "type": "simple", - }, - "frUnindexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi5", - "type": "simple", - }, - "frUnindexedString1": { - "ldapAttribute": "fr-attr-str1", - "type": "simple", - }, - "frUnindexedString2": { - "ldapAttribute": "fr-attr-str2", - "type": "simple", - }, - "frUnindexedString3": { - "ldapAttribute": "fr-attr-str3", - "type": "simple", - }, - "frUnindexedString4": { - "ldapAttribute": "fr-attr-str4", - "type": "simple", - }, - "frUnindexedString5": { - "ldapAttribute": "fr-attr-str5", - "type": "simple", - }, - "givenName": { - "ldapAttribute": "givenName", - "type": "simple", - }, - "groups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-groups", - "primaryKey": "cn", - "resourcePath": "managed/bravo_group", - "type": "reference", - }, - "kbaInfo": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-kbaInfo", - "type": "json", - }, - "lastSync": { - "ldapAttribute": "fr-idm-lastSync", - "type": "json", - }, - "mail": { - "ldapAttribute": "mail", - "type": "simple", - }, - "manager": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-manager", - "primaryKey": "uid", - "resourcePath": "managed/bravo_user", - "type": "reference", - }, - "memberOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-member", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", - }, - "memberOfOrgIDs": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-memberoforgid", - "type": "simple", - }, - "ownerOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-owner", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", - }, - "password": { - "ldapAttribute": "userPassword", - "type": "simple", - }, - "postalAddress": { - "ldapAttribute": "street", - "type": "simple", - }, - "postalCode": { - "ldapAttribute": "postalCode", - "type": "simple", - }, - "preferences": { - "ldapAttribute": "fr-idm-preferences", - "type": "json", - }, - "profileImage": { - "ldapAttribute": "labeledURI", - "type": "simple", - }, - "reports": { - "isMultiValued": true, - "propertyName": "manager", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "roles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-roles", - "primaryKey": "uid", - "resourcePath": "managed/bravo_role", - "type": "reference", - }, - "sn": { - "ldapAttribute": "sn", - "type": "simple", - }, - "stateProvince": { - "ldapAttribute": "st", - "type": "simple", - }, - "telephoneNumber": { - "ldapAttribute": "telephoneNumber", - "type": "simple", - }, - "userName": { - "ldapAttribute": "uid", - "type": "simple", - }, + { + "attribute": "authzRoles", + "readOnly": false, }, - }, - "managed/bravo_usermeta": { - "dnTemplate": "ou=usermeta,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-generic-obj", - ], - "properties": { - "target": { - "propertyName": "_meta", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, + { + "attribute": "reports", + "readOnly": false, }, - }, - "managed/teammembermeta": { - "dnTemplate": "ou=teammembermeta,o=root,ou=identities", - "jsonAttribute": "fr-idm-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-generic-obj", - ], - "properties": { - "target": { - "propertyName": "_meta", - "resourcePath": "managed/teammember", - "type": "reverseReference", - }, + { + "attribute": "effectiveRoles", + "readOnly": false, }, - }, - "reconprogressstate": { - "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=example,dc=com", - }, - "relationships": { - "dnTemplate": "ou=relationships,dc=openidm,dc=example,dc=com", - "jsonAttribute": "fr-idm-relationship-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", - "objectClasses": [ - "uidObject", - "fr-idm-relationship", - ], - }, - "scheduler": { - "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", - }, - "scheduler/*": { - "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", - }, - "ui/*": { - "dnTemplate": "ou=ui,dc=openidm,dc=example,dc=com", - }, - "updates": { - "dnTemplate": "ou=updates,dc=openidm,dc=example,dc=com", - }, - }, - }, - "rest2LdapOptions": { - "mvccAttribute": "etag", - "readOnUpdatePolicy": "controls", - "returnNullForMissingProperties": true, - "useMvcc": true, - "usePermissiveModify": true, - "useSubtreeDelete": true, - }, - "security": { - "keyManager": "jvm", - "trustManager": "jvm", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/router.idm.json 1`] = ` -{ - "idm": { - "router": { - "_id": "router", - "filters": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/script.idm.json 1`] = ` -{ - "idm": { - "script": { - "ECMAScript": { - "#javascript.debug": "&{openidm.script.javascript.debug}", - "javascript.recompile.minimumInterval": 60000, - }, - "Groovy": { - "#groovy.disabled.global.ast.transformations": "", - "#groovy.errors.tolerance": 10, - "#groovy.output.debug": false, - "#groovy.output.verbose": false, - "#groovy.script.base": "#any class extends groovy.lang.Script", - "#groovy.script.extension": ".groovy", - "#groovy.source.encoding": "utf-8 #default US-ASCII", - "#groovy.target.bytecode": "1.5", - "#groovy.target.indy": true, - "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", - "groovy.classpath": "&{idm.install.dir}/lib", - "groovy.recompile": true, - "groovy.recompile.minimumInterval": 60000, - "groovy.source.encoding": "UTF-8", - "groovy.target.directory": "&{idm.install.dir}/classes", - }, - "_id": "script", - "properties": {}, - "sources": { - "default": { - "directory": "&{idm.install.dir}/bin/defaults/script", - }, - "install": { - "directory": "&{idm.install.dir}", - }, - "project": { - "directory": "&{idm.instance.dir}", - }, - "project-script": { - "directory": "&{idm.instance.dir}/script", - }, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/secrets.idm.json 1`] = ` -{ - "idm": { - "secrets": { - "_id": "secrets", - "populateDefaults": true, - "stores": [ - { - "class": "org.forgerock.openidm.secrets.config.FileBasedStore", - "config": { - "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", - "mappings": [ - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - "openidm-localhost", - ], - "secretId": "idm.default", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - ], - "secretId": "idm.config.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - ], - "secretId": "idm.password.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.https.keystore.cert.alias|openidm-localhost}", - ], - "secretId": "idm.jwt.session.module.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", - ], - "secretId": "idm.jwt.session.module.signing", - "types": [ - "SIGN", - "VERIFY", - ], - }, - { - "aliases": [ - "selfservice", - ], - "secretId": "idm.selfservice.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", - ], - "secretId": "idm.selfservice.signing", - "types": [ - "SIGN", - "VERIFY", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - ], - "secretId": "idm.assignment.attribute.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - ], - "providerName": "&{openidm.keystore.provider|SunJCE}", - "storePassword": "&{openidm.keystore.password|changeit}", - "storetype": "&{openidm.keystore.type|JCEKS}", - }, - "name": "mainKeyStore", - }, - { - "class": "org.forgerock.openidm.secrets.config.FileBasedStore", - "config": { - "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", - "mappings": [], - "providerName": "&{openidm.truststore.provider|SUN}", - "storePassword": "&{openidm.truststore.password|changeit}", - "storetype": "&{openidm.truststore.type|JKS}", - }, - "name": "mainTrustStore", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.kba.idm.json 1`] = ` -{ - "idm": { - "selfservice.kba": { - "_id": "selfservice.kba", - "kbaPropertyName": "kbaInfo", - "minimumAnswersToDefine": 1, - "minimumAnswersToVerify": 1, - "questions": { - "1": { - "en": "What's your favorite color?", - }, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.terms.idm.json 1`] = ` -{ - "idm": { - "selfservice.terms": { - "_id": "selfservice.terms", - "active": "0.0", - "uiConfig": { - "buttonText": "Accept", - "displayName": "We've updated our terms", - "purpose": "You must accept the updated terms in order to proceed.", - }, - "versions": [ - { - "createDate": "2019-10-28T04:20:11.320Z", - "termsTranslations": { - "en": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.", - }, - "version": "0.0", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/cors.idm.json 1`] = ` -{ - "idm": { - "servletfilter/cors": { - "_id": "servletfilter/cors", - "initParams": { - "allowCredentials": false, - "allowedHeaders": "authorization,accept,content-type,origin,x-requested-with,cache-control,accept-api-version,if-match,if-none-match", - "allowedMethods": "GET,POST,PUT,DELETE,PATCH", - "allowedOrigins": "*", - "chainPreflight": false, - "exposedHeaders": "WWW-Authenticate", - }, - "urlPatterns": [ - "/*", - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/payload.idm.json 1`] = ` -{ - "idm": { - "servletfilter/payload": { - "_id": "servletfilter/payload", - "initParams": { - "maxRequestSizeInMegabytes": 5, - }, - "urlPatterns": [ - "&{openidm.servlet.alias}/*", - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/upload.idm.json 1`] = ` -{ - "idm": { - "servletfilter/upload": { - "_id": "servletfilter/upload", - "initParams": { - "maxRequestSizeInMegabytes": 50, - }, - "urlPatterns": [ - "&{openidm.servlet.upload.alias}/*", - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/admin.idm.json 1`] = ` -{ - "idm": { - "ui.context/admin": { - "_id": "ui.context/admin", - "defaultDir": "&{idm.install.dir}/ui/admin/default", - "enabled": true, - "extensionDir": "&{idm.install.dir}/ui/admin/extension", - "responseHeaders": { - "X-Frame-Options": "SAMEORIGIN", - }, - "urlContextRoot": "/admin", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/api.idm.json 1`] = ` -{ - "idm": { - "ui.context/api": { - "_id": "ui.context/api", - "authEnabled": true, - "cacheEnabled": false, - "defaultDir": "&{idm.install.dir}/ui/api/default", - "enabled": true, - "extensionDir": "&{idm.install.dir}/ui/api/extension", - "urlContextRoot": "/api", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/enduser.idm.json 1`] = ` -{ - "idm": { - "ui.context/enduser": { - "_id": "ui.context/enduser", - "defaultDir": "&{idm.install.dir}/ui/enduser", - "enabled": true, - "responseHeaders": { - "X-Frame-Options": "DENY", - }, - "urlContextRoot": "/", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/oauth.idm.json 1`] = ` -{ - "idm": { - "ui.context/oauth": { - "_id": "ui.context/oauth", - "cacheEnabled": true, - "defaultDir": "&{idm.install.dir}/ui/oauth/default", - "enabled": true, - "extensionDir": "&{idm.install.dir}/ui/oauth/extension", - "urlContextRoot": "/oauthReturn", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/configuration.idm.json 1`] = ` -{ - "idm": { - "ui/configuration": { - "_id": "ui/configuration", - "configuration": { - "defaultNotificationType": "info", - "forgotUsername": false, - "lang": "en", - "notificationTypes": { - "error": { - "iconPath": "images/notifications/error.png", - "name": "common.notification.types.error", - }, - "info": { - "iconPath": "images/notifications/info.png", - "name": "common.notification.types.info", - }, - "warning": { - "iconPath": "images/notifications/warning.png", - "name": "common.notification.types.warning", - }, - }, - "passwordReset": true, - "passwordResetLink": "", - "platformSettings": { - "adminOauthClient": "idmAdminClient", - "adminOauthClientScopes": "fr:idm:*", - "amUrl": "/am", - "loginUrl": "", - }, - "roles": { - "internal/role/openidm-admin": "ui-admin", - "internal/role/openidm-authorized": "ui-user", - }, - "selfRegistration": true, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/dashboard.idm.json 1`] = ` -{ - "idm": { - "ui/dashboard": { - "_id": "ui/dashboard", - "adminDashboards": [ - { - "isDefault": true, - "name": "Quick Start", - "widgets": [ { - "cards": [ - { - "href": "#resource/managed/alpha_user/list/", - "icon": "fa-user", - "name": "Manage Users", - }, - { - "href": "#resource/managed/alpha_role/list/", - "icon": "fa-check-square-o", - "name": "Manage Roles", - }, - { - "href": "#connectors/add/", - "icon": "fa-database", - "name": "Add Connector", - }, - { - "href": "#mapping/add/", - "icon": "fa-map-marker", - "name": "Create Mapping", - }, - { - "href": "#managed/add/", - "icon": "fa-tablet", - "name": "Add Device", - }, - { - "href": "#settings/", - "icon": "fa-user", - "name": "Configure System Preferences", - }, - ], - "size": "large", - "type": "quickStart", + "attribute": "effectiveAssignments", + "readOnly": false, }, - ], - }, - { - "isDefault": false, - "name": "System Monitoring", - "widgets": [ { - "legendRange": { - "month": [ - 500, - 2500, - 5000, - ], - "week": [ - 10, - 30, - 90, - 270, - 810, - ], - "year": [ - 10000, - 40000, - 100000, - 250000, - ], - }, - "maxRange": "#24423c", - "minRange": "#b0d4cd", - "size": "large", - "type": "audit", + "attribute": "effectiveGroups", + "readOnly": false, }, { - "size": "large", - "type": "clusterStatus", + "attribute": "lastSync", + "readOnly": false, }, { - "size": "large", - "type": "systemHealthFull", + "attribute": "kbaInfo", + "readOnly": false, }, { - "barchart": "false", - "size": "large", - "type": "lastRecon", + "attribute": "preferences", + "readOnly": false, }, - ], - }, - { - "isDefault": false, - "name": "Resource Report", - "widgets": [ { - "selected": "activeUsers", - "size": "x-small", - "type": "counter", + "attribute": "consentedMappings", + "readOnly": false, }, { - "selected": "rolesEnabled", - "size": "x-small", - "type": "counter", + "attribute": "memberOfOrg", + "readOnly": false, }, { - "selected": "activeConnectors", - "size": "x-small", - "type": "counter", + "attribute": "adminOfOrg", + "readOnly": false, }, { - "size": "large", - "type": "resourceList", + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, }, ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, { - "isDefault": false, - "name": "Business Report", - "widgets": [ + "accessFlags": [ { - "graphType": "fa-pie-chart", - "providers": [ - "Username/Password", - ], - "size": "x-small", - "type": "signIns", - "widgetTitle": "Sign-Ins", + "attribute": "userName", + "readOnly": false, }, { - "graphType": "fa-bar-chart", - "size": "x-small", - "type": "passwordResets", - "widgetTitle": "Password Resets", + "attribute": "password", + "readOnly": false, }, { - "graphType": "fa-line-chart", - "providers": [ - "Username/Password", - ], - "size": "x-small", - "type": "newRegistrations", - "widgetTitle": "New Registrations", + "attribute": "givenName", + "readOnly": false, }, { - "size": "x-small", - "timezone": { - "hours": "07", - "minutes": "00", - "negative": true, - }, - "type": "socialLogin", + "attribute": "sn", + "readOnly": false, }, { - "selected": "socialEnabled", - "size": "x-small", - "type": "counter", + "attribute": "mail", + "readOnly": false, }, { - "selected": "manualRegistrations", - "size": "x-small", - "type": "counter", + "attribute": "description", + "readOnly": false, }, - ], - }, - ], - "dashboard": { - "widgets": [ - { - "size": "large", - "type": "Welcome", - }, - ], - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/profile.idm.json 1`] = ` -{ - "idm": { - "ui/profile": { - "_id": "ui/profile", - "tabs": [ - { - "name": "personalInfoTab", - "view": "org/forgerock/openidm/ui/user/profile/personalInfo/PersonalInfoTab", - }, - { - "name": "signInAndSecurity", - "view": "org/forgerock/openidm/ui/user/profile/signInAndSecurity/SignInAndSecurityTab", - }, - { - "name": "preference", - "view": "org/forgerock/openidm/ui/user/profile/PreferencesTab", - }, - { - "name": "trustedDevice", - "view": "org/forgerock/openidm/ui/user/profile/TrustedDevicesTab", - }, - { - "name": "oauthApplication", - "view": "org/forgerock/openidm/ui/user/profile/OauthApplicationsTab", - }, - { - "name": "privacyAndConsent", - "view": "org/forgerock/openidm/ui/user/profile/PrivacyAndConsentTab", - }, - { - "name": "sharing", - "view": "org/forgerock/openidm/ui/user/profile/uma/SharingTab", - }, - { - "name": "auditHistory", - "view": "org/forgerock/openidm/ui/user/profile/uma/ActivityTab", - }, - { - "name": "accountControls", - "view": "org/forgerock/openidm/ui/user/profile/accountControls/AccountControlsTab", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/themeconfig.idm.json 1`] = ` -{ - "idm": { - "ui/themeconfig": { - "_id": "ui/themeconfig", - "icon": "favicon.ico", - "path": "", - "settings": { - "footer": { - "mailto": "info@forgerock.com", - }, - "loginLogo": { - "alt": "ForgeRock", - "height": "104px", - "src": "images/login-logo-dark.png", - "title": "ForgeRock", - "width": "210px", - }, - "logo": { - "alt": "ForgeRock", - "src": "images/logo-horizontal-white.png", - "title": "ForgeRock", - }, - }, - "stylesheets": [ - "css/bootstrap-3.4.1-custom.css", - "css/structure.css", - "css/theme.css", - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/uilocale/fr.idm.json 1`] = ` -{ - "idm": { - "uilocale/fr": { - "_id": "uilocale/fr", - "admin": { - "overrides": { - "AppLogoURI": "URI du logo de l’application", - "EmailAddress": "Adresse e-mail", - "Name": "Nom", - "Owners": "Les propriétaires", - }, - "sideMenu": { - "securityQuestions": "Questions de sécurité", - }, - }, - "enduser": { - "overrides": { - "FirstName": "Prénom", - "LastName": "Nom de famille", - }, - "pages": { - "dashboard": { - "widgets": { - "welcome": { - "greeting": "Bonjour", - }, + { + "attribute": "accountStatus", + "readOnly": false, }, - }, - }, - }, - "login": { - "login": { - "next": "Suivant", - }, - "overrides": { - "Password": "Mot de passe", - "UserName": "Nom d'utilisateur", - }, - }, - "shared": { - "sideMenu": { - "dashboard": "Tableau de bord", - }, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/undefined.idm.json 1`] = ` -{ - "idm": { - "undefined": { - "_id": "undefined", - "mapping": { - "mapping/managedBravo_user_managedBravo_user0": { - "_id": "mapping/managedBravo_user_managedBravo_user0", - "consentRequired": false, - "displayName": "managedBravo_user_managedBravo_user0", - "icon": null, - "name": "managedBravo_user_managedBravo_user0", - "policies": [ { - "action": "ASYNC", - "situation": "ABSENT", + "attribute": "telephoneNumber", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "ALL_GONE", + "attribute": "postalAddress", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "AMBIGUOUS", + "attribute": "city", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "CONFIRMED", + "attribute": "postalCode", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "FOUND", + "attribute": "country", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", + "attribute": "stateProvince", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "LINK_ONLY", + "attribute": "roles", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "MISSING", + "attribute": "groups", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", + "attribute": "manager", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "SOURCE_MISSING", + "attribute": "authzRoles", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "attribute": "reports", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "UNASSIGNED", + "attribute": "effectiveRoles", + "readOnly": false, }, { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "attribute": "effectiveAssignments", + "readOnly": false, }, - ], - "properties": [], - "source": "managed/bravo_user", - "target": "managed/bravo_user", - }, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-admin.internalRole.json 1`] = ` -{ - "internalRole": { - "openidm-admin": { - "_id": "openidm-admin", - "condition": null, - "description": "Administrative access", - "name": "openidm-admin", - "privileges": [], - "temporalConstraints": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-authorized.internalRole.json 1`] = ` -{ - "internalRole": { - "openidm-authorized": { - "_id": "openidm-authorized", - "condition": null, - "description": "Basic minimum user", - "name": "openidm-authorized", - "privileges": [], - "temporalConstraints": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-cert.internalRole.json 1`] = ` -{ - "internalRole": { - "openidm-cert": { - "_id": "openidm-cert", - "condition": null, - "description": "Authenticated via certificate", - "name": "openidm-cert", - "privileges": [], - "temporalConstraints": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-reg.internalRole.json 1`] = ` -{ - "internalRole": { - "openidm-reg": { - "_id": "openidm-reg", - "condition": null, - "description": "Anonymous access", - "name": "openidm-reg", - "privileges": [], - "temporalConstraints": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-tasks-manager.internalRole.json 1`] = ` -{ - "internalRole": { - "openidm-tasks-manager": { - "_id": "openidm-tasks-manager", - "condition": null, - "description": "Allowed to reassign workflow tasks", - "name": "openidm-tasks-manager", - "privileges": [], - "temporalConstraints": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/platform-provisioning.internalRole.json 1`] = ` -{ - "internalRole": { - "platform-provisioning": { - "_id": "platform-provisioning", - "condition": null, - "description": "Platform provisioning access", - "name": "platform-provisioning", - "privileges": [], - "temporalConstraints": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/test-internal-role.internalRole.json 1`] = ` -{ - "internalRole": { - "ccb11ba1-333b-4197-95db-89bb08a2ab56": { - "_id": "ccb11ba1-333b-4197-95db-89bb08a2ab56", - "condition": "/description co "somerandomstring"", - "description": "A test internal role", - "name": "test-internal-role", - "privileges": [ - { - "accessFlags": [ { - "attribute": "userName", + "attribute": "effectiveGroups", "readOnly": false, }, { - "attribute": "givenName", + "attribute": "lastSync", "readOnly": false, }, { - "attribute": "cn", + "attribute": "kbaInfo", "readOnly": false, }, { - "attribute": "sn", + "attribute": "preferences", "readOnly": false, }, { - "attribute": "mail", + "attribute": "consentedMappings", "readOnly": false, }, { - "attribute": "profileImage", - "readOnly": true, + "attribute": "memberOfOrg", + "readOnly": false, }, { - "attribute": "description", + "attribute": "adminOfOrg", "readOnly": false, }, { - "attribute": "accountStatus", + "attribute": "ownerOfOrg", "readOnly": true, }, { - "attribute": "telephoneNumber", + "attribute": "memberOfOrgIDs", "readOnly": true, }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/alpha_user", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ { - "attribute": "postalAddress", - "readOnly": true, + "attribute": "name", + "readOnly": false, }, { - "attribute": "city", - "readOnly": true, + "attribute": "description", + "readOnly": false, }, { - "attribute": "postalCode", + "attribute": "owners", "readOnly": true, }, { - "attribute": "country", + "attribute": "admins", "readOnly": true, }, { - "attribute": "stateProvince", - "readOnly": true, + "attribute": "members", + "readOnly": false, }, { - "attribute": "roles", - "readOnly": true, + "attribute": "parent", + "readOnly": false, }, { - "attribute": "assignments", - "readOnly": true, + "attribute": "children", + "readOnly": false, }, { - "attribute": "groups", + "attribute": "parentIDs", "readOnly": true, }, { - "attribute": "applications", + "attribute": "adminIDs", "readOnly": true, }, { - "attribute": "manager", + "attribute": "parentAdminIDs", "readOnly": true, }, { - "attribute": "authzRoles", + "attribute": "ownerIDs", "readOnly": true, }, { - "attribute": "reports", + "attribute": "parentOwnerIDs", "readOnly": true, }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], + }, + { + "accessFlags": [ { - "attribute": "effectiveRoles", - "readOnly": true, + "attribute": "name", + "readOnly": false, }, { - "attribute": "effectiveAssignments", - "readOnly": true, + "attribute": "description", + "readOnly": false, }, { - "attribute": "effectiveGroups", + "attribute": "owners", "readOnly": true, }, { - "attribute": "effectiveApplications", + "attribute": "admins", "readOnly": true, }, { - "attribute": "lastSync", - "readOnly": true, + "attribute": "members", + "readOnly": false, }, { - "attribute": "kbaInfo", - "readOnly": true, + "attribute": "parent", + "readOnly": false, }, { - "attribute": "preferences", - "readOnly": true, + "attribute": "children", + "readOnly": false, }, { - "attribute": "consentedMappings", + "attribute": "parentIDs", "readOnly": true, }, { - "attribute": "ownerOfOrg", + "attribute": "adminIDs", "readOnly": true, }, { - "attribute": "adminOfOrg", + "attribute": "parentAdminIDs", "readOnly": true, }, { - "attribute": "memberOfOrg", + "attribute": "ownerIDs", "readOnly": true, }, { - "attribute": "memberOfOrgIDs", + "attribute": "parentOwnerIDs", "readOnly": true, }, + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ { - "attribute": "ownerOfApp", - "readOnly": true, + "attribute": "userName", + "readOnly": false, }, { - "attribute": "frIndexedString1", - "readOnly": true, + "attribute": "password", + "readOnly": false, }, { - "attribute": "frIndexedString2", - "readOnly": true, + "attribute": "givenName", + "readOnly": false, }, { - "attribute": "frIndexedString3", - "readOnly": true, + "attribute": "sn", + "readOnly": false, }, { - "attribute": "frIndexedString4", - "readOnly": true, + "attribute": "mail", + "readOnly": false, }, { - "attribute": "frIndexedString5", - "readOnly": true, + "attribute": "description", + "readOnly": false, }, { - "attribute": "frUnindexedString1", - "readOnly": true, + "attribute": "accountStatus", + "readOnly": false, }, { - "attribute": "frUnindexedString2", - "readOnly": true, + "attribute": "telephoneNumber", + "readOnly": false, }, { - "attribute": "frUnindexedString3", - "readOnly": true, + "attribute": "postalAddress", + "readOnly": false, }, { - "attribute": "frUnindexedString4", - "readOnly": true, + "attribute": "city", + "readOnly": false, }, { - "attribute": "frUnindexedString5", - "readOnly": true, + "attribute": "postalCode", + "readOnly": false, }, { - "attribute": "frIndexedMultivalued1", - "readOnly": true, + "attribute": "country", + "readOnly": false, }, { - "attribute": "frIndexedMultivalued2", - "readOnly": true, + "attribute": "stateProvince", + "readOnly": false, }, { - "attribute": "frIndexedMultivalued3", - "readOnly": true, + "attribute": "roles", + "readOnly": false, }, { - "attribute": "frIndexedMultivalued4", - "readOnly": true, + "attribute": "groups", + "readOnly": false, }, { - "attribute": "frIndexedMultivalued5", - "readOnly": true, + "attribute": "manager", + "readOnly": false, }, { - "attribute": "frUnindexedMultivalued1", - "readOnly": true, + "attribute": "authzRoles", + "readOnly": false, }, { - "attribute": "frUnindexedMultivalued2", - "readOnly": true, + "attribute": "reports", + "readOnly": false, }, { - "attribute": "frUnindexedMultivalued3", - "readOnly": true, + "attribute": "effectiveRoles", + "readOnly": false, }, { - "attribute": "frUnindexedMultivalued4", - "readOnly": true, + "attribute": "effectiveAssignments", + "readOnly": false, }, { - "attribute": "frUnindexedMultivalued5", - "readOnly": true, + "attribute": "effectiveGroups", + "readOnly": false, }, { - "attribute": "frIndexedDate1", - "readOnly": true, + "attribute": "lastSync", + "readOnly": false, }, { - "attribute": "frIndexedDate2", - "readOnly": true, + "attribute": "kbaInfo", + "readOnly": false, }, { - "attribute": "frIndexedDate3", - "readOnly": true, + "attribute": "preferences", + "readOnly": false, }, { - "attribute": "frIndexedDate4", - "readOnly": true, + "attribute": "consentedMappings", + "readOnly": false, }, { - "attribute": "frIndexedDate5", - "readOnly": true, + "attribute": "memberOfOrg", + "readOnly": false, }, { - "attribute": "frUnindexedDate1", + "attribute": "adminOfOrg", "readOnly": true, }, { - "attribute": "frUnindexedDate2", + "attribute": "ownerOfOrg", "readOnly": true, }, { - "attribute": "frUnindexedDate3", + "attribute": "memberOfOrgIDs", "readOnly": true, }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, + { + "accessFlags": [ { - "attribute": "frUnindexedDate4", - "readOnly": true, + "attribute": "userName", + "readOnly": false, }, { - "attribute": "frUnindexedDate5", - "readOnly": true, + "attribute": "password", + "readOnly": false, }, { - "attribute": "frIndexedInteger1", - "readOnly": true, + "attribute": "givenName", + "readOnly": false, }, { - "attribute": "frIndexedInteger2", - "readOnly": true, + "attribute": "sn", + "readOnly": false, }, { - "attribute": "frIndexedInteger3", - "readOnly": true, + "attribute": "mail", + "readOnly": false, }, { - "attribute": "frIndexedInteger4", - "readOnly": true, + "attribute": "description", + "readOnly": false, }, { - "attribute": "frIndexedInteger5", - "readOnly": true, + "attribute": "accountStatus", + "readOnly": false, }, { - "attribute": "frUnindexedInteger1", - "readOnly": true, + "attribute": "telephoneNumber", + "readOnly": false, }, { - "attribute": "frUnindexedInteger2", - "readOnly": true, + "attribute": "postalAddress", + "readOnly": false, }, { - "attribute": "frUnindexedInteger3", - "readOnly": true, + "attribute": "city", + "readOnly": false, }, { - "attribute": "frUnindexedInteger4", + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", "readOnly": true, }, { - "attribute": "frUnindexedInteger5", + "attribute": "ownerOfOrg", "readOnly": true, }, { - "attribute": "assignedDashboard", + "attribute": "memberOfOrgIDs", "readOnly": true, }, ], "actions": [], - "filter": "/userName co "test"", - "name": "Alpha realm - Users", + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", "path": "managed/alpha_user", "permissions": [ - "VIEW", - "UPDATE", "CREATE", ], }, ], - "temporalConstraints": [ - { - "duration": "2024-11-04T12:45:00.000Z/2100-12-01T12:45:00.000Z", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_assignment_managedBravo_assignment.mapping.json 1`] = ` -{ - "mapping": { - "mapping/managedAlpha_assignment_managedBravo_assignment": { - "_id": "mapping/managedAlpha_assignment_managedBravo_assignment", - "consentRequired": false, - "displayName": "managedAlpha_assignment_managedBravo_assignment", - "icon": null, - "name": "managedAlpha_assignment_managedBravo_assignment", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [], - "source": "managed/alpha_assignment", - "target": "managed/bravo_assignment", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_user_systemAzureUser.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/audit.idm.json 1`] = ` { - "mapping": { - "mapping/managedAlpha_user_systemAzureUser": { - "_id": "mapping/managedAlpha_user_systemAzureUser", - "consentRequired": false, - "defaultSourceFields": [ - "*", - "assignments", - ], - "defaultTargetFields": [ - "*", - "memberOf", - "__roles__", - "__servicePlanIds__", - ], - "displayName": "managedAlpha_user_systemAzureUser", - "icon": null, - "name": "managedAlpha_user_systemAzureUser", - "optimizeAssignmentSync": true, - "policies": [ - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "DELETE", - "situation": "UNQUALIFIED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "SOURCE_TARGET_CONFLICT", - }, - { - "action": "INCORPORATE_CHANGES", - "situation": "TARGET_CHANGED", - }, - ], - "properties": [ - { - "source": "mail", - "target": "mail", - }, - { - "source": "givenName", - "target": "givenName", - }, - { - "source": "sn", - "target": "surname", - }, - { - "source": "", - "target": "displayName", - "transform": { - "source": "source.givenName+" "+source.sn", - "type": "text/javascript", + "idm": { + "audit": { + "_id": "audit", + "auditServiceConfig": { + "availableAuditEventHandlers": [ + "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", + "org.forgerock.audit.handlers.elasticsearch.ElasticsearchAuditEventHandler", + "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", + "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", + "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler", + "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", + ], + "caseInsensitiveFields": [ + "/access/http/request/headers", + "/access/http/response/headers", + ], + "filterPolicies": { + "value": { + "excludeIf": [ + "/access/http/request/cookies/&{com.iplanet.am.cookie.name}", + "/access/http/request/cookies/session-jwt", + "/access/http/request/headers/&{com.sun.identity.auth.cookieName}", + "/access/http/request/headers/&{com.iplanet.am.cookie.name}", + "/access/http/request/headers/accept-encoding", + "/access/http/request/headers/accept-language", + "/access/http/request/headers/Authorization", + "/access/http/request/headers/cache-control", + "/access/http/request/headers/connection", + "/access/http/request/headers/content-length", + "/access/http/request/headers/content-type", + "/access/http/request/headers/proxy-authorization", + "/access/http/request/headers/X-OpenAM-Password", + "/access/http/request/headers/X-OpenIDM-Password", + "/access/http/request/queryParameters/access_token", + "/access/http/request/queryParameters/IDToken1", + "/access/http/request/queryParameters/id_token_hint", + "/access/http/request/queryParameters/Login.Token1", + "/access/http/request/queryParameters/redirect_uri", + "/access/http/request/queryParameters/requester", + "/access/http/request/queryParameters/sessionUpgradeSSOTokenId", + "/access/http/request/queryParameters/tokenId", + "/access/http/response/headers/Authorization", + "/access/http/response/headers/Set-Cookie", + "/access/http/response/headers/X-OpenIDM-Password", + ], + "includeIf": [], }, }, + "handlerForQueries": "json", + }, + "eventHandlers": [ { - "source": "", - "target": "mailNickname", - "transform": { - "source": "source.givenName[0].toLowerCase()+source.sn.toLowerCase()", - "type": "text/javascript", + "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "config": { + "name": "json", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, }, { - "source": "", - "target": "accountEnabled", - "transform": { - "source": "true", - "type": "text/javascript", + "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "config": { + "enabled": false, + "name": "repo", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, }, - { - "condition": { - "globals": {}, - "source": "(typeof oldTarget === 'undefined' || oldTarget === null)", - "type": "text/javascript", + ], + "eventTopics": { + "activity": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, - "source": "", - "target": "__PASSWORD__", - "transform": { - "source": ""!@#$%"[Math.floor(Math.random()*5)] + Math.random().toString(36).slice(2, 13).toUpperCase()+Math.random().toString(36).slice(2,13)", - "type": "text/javascript", + "passwordFields": [ + "password", + ], + "watchedFields": [], + }, + "config": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, }, - ], - "queuedSync": { - "enabled": true, - "maxRetries": 0, - "pollingInterval": 10000, }, - "runTargetPhase": false, - "source": "managed/alpha_user", - "sourceCondition": "/source/effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", - "sourceQuery": { - "_queryFilter": "effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or lastSync/managedAlpha_user_systemAzureUser pr or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", + "exceptionFormatter": { + "file": "bin/defaults/script/audit/stacktraceFormatter.js", + "type": "text/javascript", }, - "target": "system/Azure/User", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_group_managedBravo_group.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/authentication.idm.json 1`] = ` { - "mapping": { - "mapping/managedBravo_group_managedBravo_group": { - "_id": "mapping/managedBravo_group_managedBravo_group", - "consentRequired": false, - "displayName": "managedBravo_group_managedBravo_group", - "icon": null, - "name": "managedBravo_group_managedBravo_group", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", + "idm": { + "authentication": { + "_id": "authentication", + "rsFilter": { + "augmentSecurityContext": { + "source": "require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, security.authorization.component.includes('/alpha_') ? 'alphaOrgPrivileges' : 'bravoOrgPrivileges', 'privilegeAssignments');", + "type": "text/javascript", }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "cache": { + "maxTimeout": "300 seconds", }, - ], - "properties": [], - "source": "managed/bravo_group", - "target": "managed/bravo_group", + "scopes": [ + "fr:idm:*", + ], + "staticUserMapping": [ + { + "localUser": "internal/user/idm-provisioning", + "roles": [ + "internal/role/openidm-admin", + ], + "subject": "autoid-resource-server", + }, + ], + "subjectMapping": [ + { + "additionalUserFields": [ + "adminOfOrg", + "ownerOfOrg", + ], + "defaultRoles": [ + "internal/role/openidm-authorized", + ], + "propertyMapping": { + "sub": "_id", + }, + "queryOnResource": "managed/{{substring realm 1}}_user", + "userRoles": "authzRoles/*", + }, + ], + }, }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_user_managedBravo_user0.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/bravoOrgPrivileges.idm.json 1`] = ` { - "mapping": { - "mapping/managedBravo_user_managedBravo_user0": { - "_id": "mapping/managedBravo_user_managedBravo_user0", - "consentRequired": false, - "displayName": "managedBravo_user_managedBravo_user0", - "icon": null, - "name": "managedBravo_user_managedBravo_user0", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, + "idm": { + "bravoOrgPrivileges": { + "_id": "bravoOrgPrivileges", + "privileges": [ { - "action": "ASYNC", - "situation": "LINK_ONLY", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, { - "action": "ASYNC", - "situation": "MISSING", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/bravo_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, { - "action": "ASYNC", - "situation": "SOURCE_MISSING", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/bravo_user", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, { - "action": "ASYNC", - "situation": "UNASSIGNED", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/bravo_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/bravo_user", + "permissions": [ + "CREATE", + ], }, ], - "properties": [], - "source": "managed/bravo_user", - "target": "managed/bravo_user", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/mapping12.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/Test.idm.json 1`] = ` { - "mapping": { - "mapping/mapping12": { - "_id": "mapping/mapping12", - "consentRequired": false, - "displayName": "mapping12", - "linkQualifiers": [], - "name": "mapping12", - "policies": [], - "properties": [], - "source": "managed/bravo_user", - "syncAfter": [], - "target": "managed/bravo_user", + "idm": { + "endpoint/Test": { + "_id": "endpoint/Test", + "description": "test", + "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", + "source": " (function () { + if (request.method === 'create') { + // POST + return {}; + } else if (request.method === 'read') { + // GET + return {}; + } else if (request.method === 'update') { + // PUT + return {}; + } else if (request.method === 'patch') { + return {}; + } else if (request.method === 'delete') { + return {}; + } + throw { code: 500, message: 'Unknown error' }; + }());", + "type": "text/javascript", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzure__group___managedAlpha_assignment.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/testEndpoint2.idm.json 1`] = ` { - "mapping": { - "mapping/systemAzure__group___managedAlpha_assignment": { - "_id": "mapping/systemAzure__group___managedAlpha_assignment", - "consentRequired": false, - "displayName": "systemAzure__group___managedAlpha_assignment", - "icon": null, - "name": "systemAzure__group___managedAlpha_assignment", - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "DELETE", - "situation": "SOURCE_MISSING", - }, - { - "action": "CREATE", - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "DELETE", - "situation": "UNQUALIFIED", - }, - { - "action": "EXCEPTION", - "situation": "UNASSIGNED", - }, - { - "action": "EXCEPTION", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, + "idm": { + "endpoint/testEndpoint2": { + "_id": "endpoint/testEndpoint2", + "description": "", + "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", + "source": " (function () { + if (request.method === 'create') { + // POST + return {}; + } else if (request.method === 'read') { + // GET + return {}; + } else if (request.method === 'update') { + // PUT + return {}; + } else if (request.method === 'patch') { + return {}; + } else if (request.method === 'delete') { + return {}; + } + throw { code: 500, message: 'Unknown error' }; + }());", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/entityId.idm.json 1`] = ` +{ + "idm": { + "entityId": { + "_id": "entityId", + "defaultLocale": "en", + "displayName": "Frodo Test Email Template Three", + "enabled": true, + "from": "", + "message": { + "en": "

You started a login or profile update that requires MFA.

Click to Proceed

", + }, + "mimeType": "text/html", + "subject": { + "en": "Multi-Factor Email for Identity Cloud login", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.email.idm.json 1`] = ` +{ + "idm": { + "external.email": { + "_id": "external.email", + "auth": { + "enable": true, + "password": "&{aic.customer.sasl.pass}", + "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", + }, + "connectiontimeout": 300000, + "debug": false, + "from": "&{email.sender.address}", + "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", + "port": 25, + "smtpProperties": [], + "ssl": { + "enable": false, + }, + "starttls": { + "enable": false, + }, + "threadPoolSize": 20, + "timeout": 300000, + "writetimeout": 300000, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.emailDefault.idm.json 1`] = ` +{ + "idm": { + "external.emailDefault": { + "_id": "external.emailDefault", + "auth": { + "enable": true, + "password": "&{aic.customer.sasl.pass}", + "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", + }, + "connectiontimeout": 300000, + "debug": false, + "from": "&{email.sender.address}", + "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", + "port": 25, + "smtpProperties": [], + "ssl": { + "enable": false, + }, + "starttls": { + "enable": false, + }, + "threadPoolSize": 20, + "timeout": 300000, + "writetimeout": 300000, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/alpha_user.idm.json 1`] = ` +{ + "idm": { + "fieldPolicy/alpha_user": { + "_id": "fieldPolicy/alpha_user", + "defaultPasswordStorageScheme": [ { - "action": "IGNORE", - "situation": "ALL_GONE", + "_id": "PBKDF2-HMAC-SHA256", }, + ], + "passwordAttribute": "password", + "resourceCollection": "managed/alpha_user", + "type": "password-policy", + "validator": [ { - "action": "UPDATE", - "situation": "CONFIRMED", + "_id": "alpha_userPasswordPolicy-length-based-password-validator", + "enabled": true, + "maxPasswordLength": 0, + "minPasswordLength": 10, + "type": "length-based", }, { - "action": "LINK", - "situation": "FOUND", + "_id": "alpha_userPasswordPolicy-attribute-value-password-validator", + "checkSubstrings": true, + "enabled": true, + "matchAttribute": [ + "mail", + "userName", + "givenName", + "sn", + ], + "minSubstringLength": 5, + "testReversedPassword": true, + "type": "attribute-value", }, { - "action": "CREATE", - "situation": "ABSENT", + "_id": "alpha_userPasswordPolicy-character-set-password-validator", + "allowUnclassifiedCharacters": true, + "characterSet": [ + "0:abcdefghijklmnopqrstuvwxyz", + "0:ABCDEFGHIJKLMNOPQRSTUVWXYZ", + "0:0123456789", + "0:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", + ], + "enabled": true, + "minCharacterSets": 4, + "type": "character-set", }, ], - "properties": [ - { - "default": "__RESOURCE__", - "target": "type", - }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/bravo_user.idm.json 1`] = ` +{ + "idm": { + "fieldPolicy/bravo_user": { + "_id": "fieldPolicy/bravo_user", + "defaultPasswordStorageScheme": [ { - "source": "", - "target": "description", - "transform": { - "globals": {}, - "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", - "type": "text/javascript", - }, + "_id": "PBKDF2-HMAC-SHA256", }, + ], + "passwordAttribute": "password", + "resourceCollection": "managed/bravo_user", + "type": "password-policy", + "validator": [ { - "default": "managedAlpha_user_systemAzureUser", - "target": "mapping", + "_id": "bravo_userPasswordPolicy-length-based-password-validator", + "enabled": true, + "maxPasswordLength": 0, + "minPasswordLength": 8, + "type": "length-based", }, { - "source": "", - "target": "name", - "transform": { - "globals": {}, - "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", - "type": "text/javascript", - }, + "_id": "bravo_userPasswordPolicy-attribute-value-password-validator", + "checkSubstrings": true, + "enabled": true, + "matchAttribute": [ + "mail", + "userName", + "givenName", + "sn", + ], + "minSubstringLength": 5, + "testReversedPassword": true, + "type": "attribute-value", }, { - "source": "_id", - "target": "attributes", - "transform": { - "globals": {}, - "source": "[ - { - 'name': 'memberOf', - 'value': [source] - } -]", - "type": "text/javascript", - }, + "_id": "bravo_userPasswordPolicy-character-set-password-validator", + "allowUnclassifiedCharacters": true, + "characterSet": [ + "1:abcdefghijklmnopqrstuvwxyz", + "1:ABCDEFGHIJKLMNOPQRSTUVWXYZ", + "1:0123456789", + "1:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", + ], + "enabled": true, + "type": "character-set", }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/internal.idm.json 1`] = ` +{ + "idm": { + "internal": { + "_id": "internal", + "objects": [ { - "source": "_id", - "target": "_id", - "transform": { - "globals": { - "sourceObjectSet": "system_Azure___GROUP___", + "name": "role", + "properties": { + "authzMembers": { + "items": { + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + }, }, - "source": "sourceObjectSet.concat(source)", - "type": "text/javascript", }, }, ], - "source": "system/Azure/__GROUP__", - "target": "managed/alpha_assignment", - "targetQuery": { - "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "memberOf"]", - }, }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureDirectoryrole_managedAlpha_assignment.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/managed.idm.json 1`] = ` { - "mapping": { - "mapping/systemAzureDirectoryrole_managedAlpha_assignment": { - "_id": "mapping/systemAzureDirectoryrole_managedAlpha_assignment", - "consentRequired": false, - "displayName": "systemAzureDirectoryrole_managedAlpha_assignment", - "icon": null, - "name": "systemAzureDirectoryrole_managedAlpha_assignment", - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "DELETE", - "situation": "SOURCE_MISSING", - }, + "idm": { + "managed": { + "_id": "managed", + "objects": [ { - "action": "CREATE", - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "DELETE", - "situation": "UNQUALIFIED", - }, - { - "action": "EXCEPTION", - "situation": "UNASSIGNED", - }, - { - "action": "EXCEPTION", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "default": "__RESOURCE__", - "target": "type", - }, - { - "source": "", - "target": "description", - "transform": { - "globals": {}, - "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", - "type": "text/javascript", - }, - }, - { - "default": "managedAlpha_user_systemAzureUser", - "target": "mapping", - }, - { - "source": "", - "target": "name", - "transform": { - "globals": {}, - "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", - "type": "text/javascript", - }, - }, - { - "source": "_id", - "target": "attributes", - "transform": { - "globals": {}, - "source": "[ - { - 'name': '__roles__', - 'value': [source] - } -]", - "type": "text/javascript", - }, - }, - { - "source": "_id", - "target": "_id", - "transform": { - "globals": { - "sourceObjectSet": "system_Azure_directoryRole_", - }, - "source": "sourceObjectSet.concat(source)", - "type": "text/javascript", - }, - }, - ], - "source": "system/Azure/directoryRole", - "target": "managed/alpha_assignment", - "targetQuery": { - "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__roles__"]", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureServiceplan_managedAlpha_assignment.mapping.json 1`] = ` -{ - "mapping": { - "mapping/systemAzureServiceplan_managedAlpha_assignment": { - "_id": "mapping/systemAzureServiceplan_managedAlpha_assignment", - "consentRequired": false, - "displayName": "systemAzureServiceplan_managedAlpha_assignment", - "icon": null, - "name": "systemAzureServiceplan_managedAlpha_assignment", - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "DELETE", - "situation": "SOURCE_MISSING", - }, - { - "action": "CREATE", - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "DELETE", - "situation": "UNQUALIFIED", - }, - { - "action": "EXCEPTION", - "situation": "UNASSIGNED", - }, - { - "action": "EXCEPTION", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "default": "__RESOURCE__", - "target": "type", - }, - { - "source": "", - "target": "description", - "transform": { - "globals": {}, - "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", - "type": "text/javascript", - }, - }, - { - "default": "managedAlpha_user_systemAzureUser", - "target": "mapping", - }, - { - "source": "", - "target": "name", - "transform": { - "globals": {}, - "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", - "type": "text/javascript", - }, - }, - { - "source": "_id", - "target": "attributes", - "transform": { - "globals": {}, - "source": "[ - { - 'name': '__servicePlanIds__', - 'value': [source] - } -]", - "type": "text/javascript", - }, - }, - { - "source": "_id", - "target": "_id", - "transform": { - "globals": { - "sourceObjectSet": "system_Azure_servicePlan_", - }, - "source": "sourceObjectSet.concat(source)", - "type": "text/javascript", - }, - }, - ], - "source": "system/Azure/servicePlan", - "target": "managed/alpha_assignment", - "targetQuery": { - "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__servicePlanIds__"]", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureUser_managedAlpha_user.mapping.json 1`] = ` -{ - "mapping": { - "mapping/systemAzureUser_managedAlpha_user": { - "_id": "mapping/systemAzureUser_managedAlpha_user", - "consentRequired": false, - "correlationQuery": [ - { - "linkQualifier": "default", - "source": "var qry = {'_queryFilter': 'mail eq "' + source.mail + '"'}; qry", - "type": "text/javascript", - }, - ], - "defaultSourceFields": [ - "*", - "memberOf", - "__roles__", - "__servicePlanIds__", - ], - "defaultTargetFields": [ - "*", - "assignments", - ], - "displayName": "systemAzureUser_managedAlpha_user", - "icon": null, - "links": "managedAlpha_user_systemAzureUser", - "name": "systemAzureUser_managedAlpha_user", - "policies": [ - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "ONBOARD", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "SOURCE_TARGET_CONFLICT", - }, - ], - "properties": [ - { - "referencedObjectType": "__GROUP__", - "source": "memberOf", - "target": "assignments", - }, - { - "referencedObjectType": "directoryRole", - "source": "__roles__", - "target": "assignments", - }, - { - "referencedObjectType": "servicePlan", - "source": "__servicePlanIds__", - "target": "assignments", - }, - ], - "reconSourceQueryPageSize": 999, - "reconSourceQueryPaging": true, - "runTargetPhase": false, - "source": "system/Azure/User", - "sourceQueryFullEntry": true, - "target": "managed/alpha_user", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-admin-token.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-admin-token": { - "_id": "esv-admin-token", - "activeVersion": "1", - "description": "Long-lived admin token", - "encoding": "generic", - "lastChangeDate": "2024-03-20T14:46:13.461793Z", - "lastChangedBy": "ba58ff99-76d3-4c69-9c4a-7f150ac70e2c", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-brando-pingone.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-brando-pingone": { - "_id": "esv-brando-pingone", - "activeVersion": "4", - "description": "This is to show the connection between PingOne and AIC. ", - "encoding": "generic", - "lastChangeDate": "2024-06-24T00:44:06.154598Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "4", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test1.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-secret-import-test1": { - "_id": "esv-secret-import-test1", - "activeVersion": "1", - "description": "Secret Import Test 1", - "encoding": "generic", - "lastChangeDate": "2024-06-22T01:13:13.904591Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test2.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-secret-import-test2": { - "_id": "esv-secret-import-test2", - "activeVersion": "1", - "description": "Secret Import Test 2", - "encoding": "generic", - "lastChangeDate": "2024-06-22T01:13:41.914076Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret": { - "_id": "esv-test-secret", - "activeVersion": "1", - "description": "This is a test secret containing a simple string value.", - "encoding": "generic", - "lastChangeDate": "2024-07-05T17:53:53.682578Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret-cert-pem": { - "_id": "esv-test-secret-cert-pem", - "activeVersion": "1", - "description": "This is a test secret from a pem encoded cert file.", - "encoding": "pem", - "lastChangeDate": "2024-01-20T03:48:49.005574Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem-raw.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret-cert-pem-raw": { - "_id": "esv-test-secret-cert-pem-raw", - "activeVersion": "1", - "description": "This is a test secret from a pem encoded cert file (raw).", - "encoding": "pem", - "lastChangeDate": "2024-01-20T03:49:20.270526Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-euler.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret-euler": { - "_id": "esv-test-secret-euler", - "activeVersion": "1", - "description": "A test secret containing the value of Euler's number", - "encoding": "generic", - "lastChangeDate": "2023-12-14T15:27:34.607038Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret-file-base64hmac": { - "_id": "esv-test-secret-file-base64hmac", - "activeVersion": "1", - "description": "This is a test secret from base64 encoded hmac key file.", - "encoding": "base64hmac", - "lastChangeDate": "2024-01-20T03:46:37.42544Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac-raw.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret-file-base64hmac-raw": { - "_id": "esv-test-secret-file-base64hmac-raw", - "activeVersion": "1", - "description": "This is a test secret from base64 encoded hmac key file (raw).", - "encoding": "base64hmac", - "lastChangeDate": "2024-01-20T03:47:03.695151Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret-pi": { - "_id": "esv-test-secret-pi", - "activeVersion": "1", - "description": "Secret that contains the value of pi", - "encoding": "generic", - "lastChangeDate": "2023-12-14T15:22:28.519043Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi-generic.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-test-secret-pi-generic": { - "_id": "esv-test-secret-pi-generic", - "activeVersion": "3", - "description": "", - "encoding": "generic", - "lastChangeDate": "2024-07-15T03:20:09.136266Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "3", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-volkers-test-secret.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-volkers-test-secret": { - "_id": "esv-volkers-test-secret", - "activeVersion": "10", - "description": "Volker's test secret", - "encoding": "generic", - "lastChangeDate": "2024-06-26T01:37:06.116117Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "10", - "useInPlaceholders": true, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/CorsService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "CorsService": { - "_id": "", - "_type": { - "_id": "CorsService", - "collection": false, - "name": "CORS Service", - }, - "enabled": true, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/dashboard.service.json 1`] = ` -{ - "meta": Any, - "service": { - "dashboard": { - "_id": "", - "_type": { - "_id": "dashboard", - "collection": false, - "name": "Dashboard", - }, - "defaults": { - "assignedDashboard": [], - }, - "location": "global", - "nextDescendents": [ - { - "_id": "Google", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "Google", - "icfIdentifier": "idm magic 34", - "icon": "images/logos/googleplus.png", - "login": "http://www.google.com", - "name": "Google", - }, - { - "_id": "SalesForce", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "SalesForce", - "icfIdentifier": "idm magic 12", - "icon": "images/logos/salesforce.png", - "login": "http://www.salesforce.com", - "name": "SalesForce", - }, - { - "_id": "ZenDesk", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync", }, - "className": "SAML2ApplicationClass", - "displayName": "ZenDesk", - "icfIdentifier": "idm magic 56", - "icon": "images/logos/zendesk.png", - "login": "http://www.ZenDesk.com", - "name": "ZenDesk", - }, - { - "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", + "meta": { + "property": "_meta", + "resourceCollection": "managed/alpha_usermeta", + "trackedProperties": [ + "createDate", + "lastChanged", + ], }, - "className": "BookmarkApplicationClass", - "displayName": "Google", - "icon": "app-bookmark.svg", - "login": "https://www.google.com/", - "name": "Google", - }, - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/AlphaUser2GoogleApps.sync.json 1`] = ` -{ - "_id": "sync/AlphaUser2GoogleApps", - "consentRequired": false, - "correlationQuery": [ - { - "expressionTree": { - "all": [ - "__NAME__", - ], - }, - "file": "ui/correlateTreeToQueryFilter.js", - "linkQualifier": "default", - "mapping": "AlphaUser2GoogleApps", - "type": "text/javascript", - }, - ], - "displayName": "AlphaUser2GoogleApps", - "enableSync": { - "$bool": "&{esv.gac.enable.mapping}", - }, - "icon": null, - "name": "AlphaUser2GoogleApps", - "onCreate": { - "globals": {}, - "source": "target.orgUnitPath = "/NewAccounts";", - "type": "text/javascript", - }, - "onUpdate": { - "globals": {}, - "source": "//testing1234 -target.givenName = oldTarget.givenName; -target.familyName = oldTarget.familyName; -target.__NAME__ = oldTarget.__NAME__;", - "type": "text/javascript", - }, - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "UNLINK", - "situation": "SOURCE_MISSING", - }, - { - "action": { - "globals": {}, - "source": "// Timing Constants -var ATTEMPT = 6; // Number of attempts to find the Google user. -var SLEEP_TIME = 500; // Milliseconds between retries. -var SYSTEM_ENDPOINT = "system/GoogleApps/__ACCOUNT__"; -var MAPPING_NAME = "AlphaUser2GoogleApps"; -var GOOGLE_DOMAIN = identityServer.getProperty("esv.gac.domain"); -var googleEmail = source.userName + "@" + GOOGLE_DOMAIN; -var frUserGUID = source._id; -var resultingAction = "ASYNC"; - -// Get the Google GUID -var linkQueryParams = {'_queryFilter': 'firstId eq "' + frUserGUID + '" and linkType eq "' + MAPPING_NAME + '"'}; -var linkResults = openidm.query("repo/link/", linkQueryParams, null); -var googleGUID; - -if (linkResults.resultCount === 1) { - googleGUID = linkResults.result[0].secondId; -} - -var queryResults; // Resulting query from looking for the Google user. -var params = {'_queryFilter': '__UID__ eq "' + googleGUID + '"'}; - -for (var i = 1; i <= ATTEMPT; i++) { - queryResults = openidm.query(SYSTEM_ENDPOINT, params); - if (queryResults.result && queryResults.result.length > 0) { - logger.info("idmlog: ---AlphaUser2GoogleApps - Missing->UPDATE - Result found in " + i + " attempts. Query result: " + JSON.stringify(queryResults)); - resultingAction = "UPDATE"; - break; - } - java.lang.Thread.sleep(SLEEP_TIME); // Wait before trying again. -} - -if (!queryResults.result || queryResults.resultCount === 0) { - logger.warn("idmlog: ---AlphaUser2GoogleApps - Missing->UNLINK - " + googleEmail + " not found after " + ATTEMPT + " attempts."); - resultingAction = "UNLINK"; -} -resultingAction; -", - "type": "text/javascript", - }, - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "IGNORE", - "situation": "UNQUALIFIED", - }, - { - "action": "IGNORE", - "situation": "UNASSIGNED", - }, - { - "action": "UNLINK", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "condition": { - "globals": {}, - "source": "object.custom_password_encrypted != null", - "type": "text/javascript", - }, - "source": "custom_password_encrypted", - "target": "__PASSWORD__", - "transform": { - "globals": {}, - "source": "openidm.decrypt(source);", - "type": "text/javascript", - }, - }, - { - "source": "cn", - "target": "__NAME__", - "transform": { - "globals": {}, - "source": "source + "@" + identityServer.getProperty("esv.gac.domain");", - "type": "text/javascript", - }, - }, - { - "source": "givenName", - "target": "givenName", - }, - { - "source": "", - "target": "familyName", - "transform": { - "globals": {}, - "source": "if (source.frIndexedInteger1 > 2 && source.frIndexedInteger1 < 6) { - source.sn + " (Student)" -} else { - source.sn -}", - "type": "text/javascript", - }, - }, - ], - "queuedSync": { - "enabled": true, - "maxQueueSize": 20000, - "maxRetries": 5, - "pageSize": 100, - "pollingInterval": 1000, - "postRetryAction": "logged-ignore", - "retryDelay": 1000, - }, - "source": "managed/alpha_user", - "syncAfter": [ - "managedBravo_user_managedBravo_user", - "managedAlpha_user_managedBravo_user", - "managedBravo_user_managedAlpha_user", - ], - "target": "system/GoogleApps/__ACCOUNT__", - "validSource": { - "globals": {}, - "source": "var isGoogleEligible = true; -//var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + " cn: " + source.cn + ") -"; -var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + ") -"; - -//Get Applicable userTypes (no Parent accounts) -if (source.frIndexedInteger1 !== 0 && source.frIndexedInteger1 !== 1 && source.frIndexedInteger1 !== 3 && source.frIndexedInteger1 !== 4 && source.frIndexedInteger1 !== 5) { - isGoogleEligible = false; - logMsg = logMsg + " Account type not eligible."; -} - -//Make sure the account has a valid encrypted password. -if (source.custom_password_encrypted == undefined || source.custom_password_encrypted == null) { - isGoogleEligible = false; - logMsg = logMsg + " No encrypted password yet."; -} - -//Check that CN exists and has no space. -if (source.cn && source.cn.includes(' ')) { - isGoogleEligible = false; - logMsg = logMsg + " CN with a space is not allowed."; -} - -if (!isGoogleEligible) { - logMsg = logMsg + " Not sent to Google." - logger.info(logMsg); -} - -if (isGoogleEligible) { - logMsg = logMsg + " Sent to Google." - logger.info(logMsg); -} - -isGoogleEligible; -", - "type": "text/javascript", - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedAlpha_user_managedBravo_user.sync.json 1`] = ` -{ - "_id": "sync/managedAlpha_user_managedBravo_user", - "consentRequired": true, - "displayName": "Test Mapping for Frodo", - "icon": null, - "name": "managedAlpha_user_managedBravo_user", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [ - { - "condition": { - "globals": {}, - "source": "console.log("Hello World!");", - "type": "text/javascript", - }, - "default": [ - "Default value string", - ], - "source": "accountStatus", - "target": "applications", - "transform": { - "globals": {}, - "source": "console.log("hello");", - "type": "text/javascript", - }, - }, - ], - "source": "managed/alpha_user", - "syncAfter": [ - "managedBravo_user_managedBravo_user", - ], - "target": "managed/bravo_user", -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedBravo_user_managedAlpha_user.sync.json 1`] = ` -{ - "_id": "sync/managedBravo_user_managedAlpha_user", - "consentRequired": false, - "displayName": "Frodo test mapping", - "icon": null, + "name": "alpha_user", + "notifications": {}, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "cn", + "sn", + "mail", + "profileImage", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "groups", + "applications", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "effectiveGroups", + "effectiveApplications", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "ownerOfApp", + "frIndexedString1", + "frIndexedString2", + "frIndexedString3", + "frIndexedString4", + "frIndexedString5", + "frUnindexedString1", + "frUnindexedString2", + "frUnindexedString3", + "frUnindexedString4", + "frUnindexedString5", + "frIndexedMultivalued1", + "frIndexedMultivalued2", + "frIndexedMultivalued3", + "frIndexedMultivalued4", + "frIndexedMultivalued5", + "frUnindexedMultivalued1", + "frUnindexedMultivalued2", + "frUnindexedMultivalued3", + "frUnindexedMultivalued4", + "frUnindexedMultivalued5", + "frIndexedDate1", + "frIndexedDate2", + "frIndexedDate3", + "frIndexedDate4", + "frIndexedDate5", + "frUnindexedDate1", + "frUnindexedDate2", + "frUnindexedDate3", + "frUnindexedDate4", + "frUnindexedDate5", + "frIndexedInteger1", + "frIndexedInteger2", + "frIndexedInteger3", + "frIndexedInteger4", + "frIndexedInteger5", + "frUnindexedInteger1", + "frUnindexedInteger2", + "frUnindexedInteger3", + "frUnindexedInteger4", + "frUnindexedInteger5", + "assignedDashboard", + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "aliasList": { + "description": "List of identity aliases used primarily to record social IdP subjects for this user", + "isVirtual": false, + "items": { + "title": "User Alias Names Items", + "type": "string", + }, + "returnByDefault": false, + "searchable": false, + "title": "User Alias Names List", + "type": "array", + "userEditable": true, + "viewable": false, + }, + "applications": { + "description": "Applications", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "assignedDashboard": { + "description": "List of items to click on for this user", + "isVirtual": true, + "items": { + "title": "Assigned Dashboard Items", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "searchable": false, + "title": "Assigned Dashboard", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/alpha_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Authorization Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "city": { + "description": "City", + "isPersonal": false, + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "cn": { + "default": "{{givenName}} {{sn}}", + "description": "Common Name", + "isPersonal": true, + "scope": "private", + "searchable": false, + "title": "Common Name", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "items": { + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mappings Item", + "type": "object", + }, + "title": "Consented Mappings Items", + "type": "array", + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "country": { + "description": "Country", + "isPersonal": false, + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "description": { + "description": "Description", + "isPersonal": false, + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "effectiveApplications": { + "description": "Effective Applications", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assigned Application Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Applications", + "type": "array", + "viewable": false, + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "*", + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments", + ], + [ + "assignments", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveGroups": { + "description": "Effective Groups", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Groups Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "groups", + ], + }, + "returnByDefault": true, + "title": "Effective Groups", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles", + ], + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "frIndexedDate1": { + "description": "Generic Indexed Date 1", + "isPersonal": false, + "title": "Generic Indexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate2": { + "description": "Generic Indexed Date 2", + "isPersonal": false, + "title": "Generic Indexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate3": { + "description": "Generic Indexed Date 3", + "isPersonal": false, + "title": "Generic Indexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate4": { + "description": "Generic Indexed Date 4", + "isPersonal": false, + "title": "Generic Indexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate5": { + "description": "Generic Indexed Date 5", + "isPersonal": false, + "title": "Generic Indexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger1": { + "description": "Generic Indexed Integer 1", + "isPersonal": false, + "title": "Generic Indexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger2": { + "description": "Generic Indexed Integer 2", + "isPersonal": false, + "title": "Generic Indexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger3": { + "description": "Generic Indexed Integer 3", + "isPersonal": false, + "title": "Generic Indexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger4": { + "description": "Generic Indexed Integer 4", + "isPersonal": false, + "title": "Generic Indexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger5": { + "description": "Generic Indexed Integer 5", + "isPersonal": false, + "title": "Generic Indexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued1": { + "description": "Generic Indexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued2": { + "description": "Generic Indexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued3": { + "description": "Generic Indexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued4": { + "description": "Generic Indexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued5": { + "description": "Generic Indexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString1": { + "description": "Generic Indexed String 1", + "isPersonal": false, + "title": "Generic Indexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString2": { + "description": "Generic Indexed String 2", + "isPersonal": false, + "title": "Generic Indexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString3": { + "description": "Generic Indexed String 3", + "isPersonal": false, + "title": "Generic Indexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString4": { + "description": "Generic Indexed String 4", + "isPersonal": false, + "title": "Generic Indexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString5": { + "description": "Generic Indexed String 5", + "isPersonal": false, + "title": "Generic Indexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate1": { + "description": "Generic Unindexed Date 1", + "isPersonal": false, + "title": "Generic Unindexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate2": { + "description": "Generic Unindexed Date 2", + "isPersonal": false, + "title": "Generic Unindexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate3": { + "description": "Generic Unindexed Date 3", + "isPersonal": false, + "title": "Generic Unindexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate4": { + "description": "Generic Unindexed Date 4", + "isPersonal": false, + "title": "Generic Unindexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate5": { + "description": "Generic Unindexed Date 5", + "isPersonal": false, + "title": "Generic Unindexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger1": { + "description": "Generic Unindexed Integer 1", + "isPersonal": false, + "title": "Generic Unindexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger2": { + "description": "Generic Unindexed Integer 2", + "isPersonal": false, + "title": "Generic Unindexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger3": { + "description": "Generic Unindexed Integer 3", + "isPersonal": false, + "title": "Generic Unindexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger4": { + "description": "Generic Unindexed Integer 4", + "isPersonal": false, + "title": "Generic Unindexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger5": { + "description": "Generic Unindexed Integer 5", + "isPersonal": false, + "title": "Generic Unindexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued1": { + "description": "Generic Unindexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued2": { + "description": "Generic Unindexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued3": { + "description": "Generic Unindexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued4": { + "description": "Generic Unindexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued5": { + "description": "Generic Unindexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString1": { + "description": "Generic Unindexed String 1", + "isPersonal": false, + "title": "Generic Unindexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString2": { + "description": "Generic Unindexed String 2", + "isPersonal": false, + "title": "Generic Unindexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString3": { + "description": "Generic Unindexed String 3", + "isPersonal": false, + "title": "Generic Unindexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString4": { + "description": "Generic Unindexed String 4", + "isPersonal": false, + "title": "Generic Unindexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString5": { + "description": "Generic Unindexed String 5", + "isPersonal": false, + "title": "Generic Unindexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "groups": { + "description": "Groups", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Group", + "path": "managed/alpha_group", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": false, + "returnByDefault": false, + "title": "Groups", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId", + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string", + }, + "customQuestion": { + "description": "Custom question", + "type": "string", + }, + "questionId": { + "description": "Question ID", + "type": "string", + }, + }, + "required": [], + "title": "KBA Info Items", + "type": "object", + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp", + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "title": "Effective Assignments", + "type": "array", + }, + "timestamp": { + "description": "Timestamp", + "type": "string", + }, + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format", + }, + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Manager _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "memberOfOrg", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "ownerOfApp": { + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Applications I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "password": { + "description": "Password", + "isPersonal": false, + "isProtected": true, + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing", + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean", + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean", + }, + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "profileImage": { + "description": "Profile Image", + "isPersonal": true, + "searchable": true, + "title": "Profile Image", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Direct Reports Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/alpha_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "userName": { + "description": "Username", + "isPersonal": true, + "minLength": 1, + "policies": [ + { + "policyId": "valid-username", + }, + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "userName", + "givenName", + "sn", + "mail", + ], + "title": "Alpha realm - User", + "type": "object", + "viewable": true, + }, + }, + { + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync", + }, + "meta": { + "property": "_meta", + "resourceCollection": "managed/bravo_usermeta", + "trackedProperties": [ + "createDate", + "lastChanged", + ], + }, + "name": "bravo_user", + "notifications": {}, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "cn", + "sn", + "mail", + "profileImage", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "groups", + "applications", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "effectiveGroups", + "effectiveApplications", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "ownerOfApp", + "frIndexedString1", + "frIndexedString2", + "frIndexedString3", + "frIndexedString4", + "frIndexedString5", + "frUnindexedString1", + "frUnindexedString2", + "frUnindexedString3", + "frUnindexedString4", + "frUnindexedString5", + "frIndexedMultivalued1", + "frIndexedMultivalued2", + "frIndexedMultivalued3", + "frIndexedMultivalued4", + "frIndexedMultivalued5", + "frUnindexedMultivalued1", + "frUnindexedMultivalued2", + "frUnindexedMultivalued3", + "frUnindexedMultivalued4", + "frUnindexedMultivalued5", + "frIndexedDate1", + "frIndexedDate2", + "frIndexedDate3", + "frIndexedDate4", + "frIndexedDate5", + "frUnindexedDate1", + "frUnindexedDate2", + "frUnindexedDate3", + "frUnindexedDate4", + "frUnindexedDate5", + "frIndexedInteger1", + "frIndexedInteger2", + "frIndexedInteger3", + "frIndexedInteger4", + "frIndexedInteger5", + "frUnindexedInteger1", + "frUnindexedInteger2", + "frUnindexedInteger3", + "frUnindexedInteger4", + "frUnindexedInteger5", + "assignedDashboard", + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "aliasList": { + "description": "List of identity aliases used primarily to record social IdP subjects for this user", + "isVirtual": false, + "items": { + "title": "User Alias Names Items", + "type": "string", + }, + "returnByDefault": false, + "searchable": false, + "title": "User Alias Names List", + "type": "array", + "userEditable": true, + "viewable": false, + }, + "applications": { + "description": "Applications", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "assignedDashboard": { + "description": "List of items to click on for this user", + "isVirtual": true, + "items": { + "title": "Assigned Dashboard Items", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "searchable": false, + "title": "Assigned Dashboard", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/bravo_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Authorization Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "city": { + "description": "City", + "isPersonal": false, + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "cn": { + "default": "{{givenName}} {{sn}}", + "description": "Common Name", + "isPersonal": true, + "scope": "private", + "searchable": false, + "title": "Common Name", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "items": { + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mappings Item", + "type": "object", + }, + "title": "Consented Mappings Items", + "type": "array", + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "country": { + "description": "Country", + "isPersonal": false, + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "description": { + "description": "Description", + "isPersonal": false, + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "effectiveApplications": { + "description": "Effective Applications", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assigned Application Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Applications", + "type": "array", + "viewable": false, + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "*", + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments", + ], + [ + "assignments", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveGroups": { + "description": "Effective Groups", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Groups Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "groups", + ], + }, + "returnByDefault": true, + "title": "Effective Groups", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles", + ], + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "frIndexedDate1": { + "description": "Generic Indexed Date 1", + "isPersonal": false, + "title": "Generic Indexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate2": { + "description": "Generic Indexed Date 2", + "isPersonal": false, + "title": "Generic Indexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate3": { + "description": "Generic Indexed Date 3", + "isPersonal": false, + "title": "Generic Indexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate4": { + "description": "Generic Indexed Date 4", + "isPersonal": false, + "title": "Generic Indexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate5": { + "description": "Generic Indexed Date 5", + "isPersonal": false, + "title": "Generic Indexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger1": { + "description": "Generic Indexed Integer 1", + "isPersonal": false, + "title": "Generic Indexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger2": { + "description": "Generic Indexed Integer 2", + "isPersonal": false, + "title": "Generic Indexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger3": { + "description": "Generic Indexed Integer 3", + "isPersonal": false, + "title": "Generic Indexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger4": { + "description": "Generic Indexed Integer 4", + "isPersonal": false, + "title": "Generic Indexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger5": { + "description": "Generic Indexed Integer 5", + "isPersonal": false, + "title": "Generic Indexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued1": { + "description": "Generic Indexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued2": { + "description": "Generic Indexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued3": { + "description": "Generic Indexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued4": { + "description": "Generic Indexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued5": { + "description": "Generic Indexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString1": { + "description": "Generic Indexed String 1", + "isPersonal": false, + "title": "Generic Indexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString2": { + "description": "Generic Indexed String 2", + "isPersonal": false, + "title": "Generic Indexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString3": { + "description": "Generic Indexed String 3", + "isPersonal": false, + "title": "Generic Indexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString4": { + "description": "Generic Indexed String 4", + "isPersonal": false, + "title": "Generic Indexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString5": { + "description": "Generic Indexed String 5", + "isPersonal": false, + "title": "Generic Indexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate1": { + "description": "Generic Unindexed Date 1", + "isPersonal": false, + "title": "Generic Unindexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate2": { + "description": "Generic Unindexed Date 2", + "isPersonal": false, + "title": "Generic Unindexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate3": { + "description": "Generic Unindexed Date 3", + "isPersonal": false, + "title": "Generic Unindexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate4": { + "description": "Generic Unindexed Date 4", + "isPersonal": false, + "title": "Generic Unindexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate5": { + "description": "Generic Unindexed Date 5", + "isPersonal": false, + "title": "Generic Unindexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger1": { + "description": "Generic Unindexed Integer 1", + "isPersonal": false, + "title": "Generic Unindexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger2": { + "description": "Generic Unindexed Integer 2", + "isPersonal": false, + "title": "Generic Unindexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger3": { + "description": "Generic Unindexed Integer 3", + "isPersonal": false, + "title": "Generic Unindexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger4": { + "description": "Generic Unindexed Integer 4", + "isPersonal": false, + "title": "Generic Unindexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger5": { + "description": "Generic Unindexed Integer 5", + "isPersonal": false, + "title": "Generic Unindexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued1": { + "description": "Generic Unindexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued2": { + "description": "Generic Unindexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued3": { + "description": "Generic Unindexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued4": { + "description": "Generic Unindexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued5": { + "description": "Generic Unindexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString1": { + "description": "Generic Unindexed String 1", + "isPersonal": false, + "title": "Generic Unindexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString2": { + "description": "Generic Unindexed String 2", + "isPersonal": false, + "title": "Generic Unindexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString3": { + "description": "Generic Unindexed String 3", + "isPersonal": false, + "title": "Generic Unindexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString4": { + "description": "Generic Unindexed String 4", + "isPersonal": false, + "title": "Generic Unindexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString5": { + "description": "Generic Unindexed String 5", + "isPersonal": false, + "title": "Generic Unindexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "groups": { + "description": "Groups", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Group", + "path": "managed/bravo_group", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": false, + "returnByDefault": false, + "title": "Groups", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId", + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string", + }, + "customQuestion": { + "description": "Custom question", + "type": "string", + }, + "questionId": { + "description": "Question ID", + "type": "string", + }, + }, + "required": [], + "title": "KBA Info Items", + "type": "object", + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp", + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "title": "Effective Assignments", + "type": "array", + }, + "timestamp": { + "description": "Timestamp", + "type": "string", + }, + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format", + }, + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Manager _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "memberOfOrg", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "ownerOfApp": { + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Applications I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "password": { + "description": "Password", + "isPersonal": false, + "isProtected": true, + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing", + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean", + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean", + }, + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "profileImage": { + "description": "Profile Image", + "isPersonal": true, + "searchable": true, + "title": "Profile Image", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Direct Reports Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/bravo_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "userName": { + "description": "Username", + "isPersonal": true, + "minLength": 1, + "policies": [ + { + "policyId": "valid-username", + }, + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "userName", + "givenName", + "sn", + "mail", + ], + "title": "Bravo realm - User", + "type": "object", + "viewable": true, + }, + }, + { + "name": "alpha_role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square-o", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "applications", + "condition", + "temporalConstraints", + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "applications": { + "description": "Role Applications", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Application Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Application Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "viewable": false, + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Assignments Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/alpha_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration", + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string", + }, + }, + "required": [ + "duration", + ], + "title": "Temporal Constraints Items", + "type": "object", + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Role", + "type": "object", + }, + }, + { + "name": "bravo_role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square-o", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "applications", + "condition", + "temporalConstraints", + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "applications": { + "description": "Role Applications", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Application Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Application Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "viewable": false, + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Assignments Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/bravo_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration", + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string", + }, + }, + "required": [ + "duration", + ], + "title": "Temporal Constraints Items", + "type": "object", + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Role", + "type": "object", + }, + }, + { + "attributeEncryption": {}, + "name": "alpha_assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "type", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", + }, + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object", + }, + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string", + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true, + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Assignment Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/alpha_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "type": { + "description": "The type of object this assignment represents", + "title": "Type", + "type": "string", + "viewable": true, + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Alpha realm - Assignment", + "type": "object", + }, + }, + { + "attributeEncryption": {}, + "name": "bravo_assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "type", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", + }, + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object", + }, + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string", + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true, + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Assignment Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/bravo_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "type": { + "description": "The type of object this assignment represents", + "title": "Type", + "type": "string", + "viewable": true, + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Bravo realm - Assignment", + "type": "object", + }, + }, + { + "name": "alpha_organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "admins", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members", + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Organization", + "type": "object", + }, + }, + { + "name": "bravo_organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "admins", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members", + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Organization", + "type": "object", + }, + }, + { + "name": "alpha_group", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-group", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", + "mat-icon": "group", + "order": [ + "_id", + "name", + "description", + "condition", + "members", + ], + "properties": { + "_id": { + "description": "Group ID", + "isPersonal": false, + "policies": [ + { + "params": { + "propertyName": "name", + }, + "policyId": "id-must-equal-property", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "condition": { + "description": "A filter for conditionally assigned members", + "isConditional": true, + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "Group Description", + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": false, + "viewable": true, + }, + "members": { + "description": "Group Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "groups", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Group Name", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Group", + "viewable": true, + }, + }, + { + "name": "bravo_group", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-group", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", + "mat-icon": "group", + "order": [ + "_id", + "name", + "description", + "condition", + "members", + ], + "properties": { + "_id": { + "description": "Group ID", + "isPersonal": false, + "policies": [ + { + "params": { + "propertyName": "name", + }, + "policyId": "id-must-equal-property", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "condition": { + "description": "A filter for conditionally assigned members", + "isConditional": true, + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "Group Description", + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": false, + "viewable": true, + }, + "members": { + "description": "Group Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "groups", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Group Name", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Group", + "viewable": true, + }, + }, + { + "name": "alpha_application", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "Application Object", + "icon": "fa-folder", + "order": [ + "name", + "description", + "url", + "icon", + "mappingNames", + "owners", + "roles", + "members", + ], + "properties": { + "_id": { + "description": "Application ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "userEditable": false, + "viewable": false, + }, + "authoritative": { + "description": "Is this an authoritative application", + "searchable": false, + "title": "Authoritative", + "type": "boolean", + "viewable": false, + }, + "connectorId": { + "description": "Id of the connector associated with the application", + "searchable": false, + "title": "Connector ID", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "description": { + "description": "Application Description", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "icon": { + "searchable": true, + "title": "Icon", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mappingNames": { + "description": "Names of the sync mappings used by an application with provisioning configured.", + "items": { + "title": "Mapping Name Items", + "type": "string", + }, + "searchable": true, + "title": "Sync Mapping Names", + "type": "array", + "viewable": true, + }, + "members": { + "description": "Application Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Application name", + "notifyRelationships": [ + "roles", + "members", + ], + "policies": [ + { + "policyId": "unique", + }, + ], + "returnByDefault": true, + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "owners": { + "description": "Application Owners", + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Application _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "ownerOfApp", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Owners", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Roles granting users the application", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/alpha_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ssoEntities": { + "description": "SSO Entity Id", + "properties": { + "idpLocation": { + "type": "string", + }, + "idpPrivateId": { + "type": "string", + }, + "spLocation": { + "type": "string", + }, + "spPrivate": { + "type": "string", + }, + }, + "searchable": false, + "title": "SSO Entity Id", + "type": "object", + "userEditable": false, + "viewable": false, + }, + "templateName": { + "description": "Name of the template the application was created from", + "searchable": false, + "title": "Template Name", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "templateVersion": { + "description": "The template version", + "searchable": false, + "title": "Template Version", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "uiConfig": { + "description": "UI Config", + "isPersonal": false, + "properties": {}, + "searchable": false, + "title": "UI Config", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "url": { + "searchable": true, + "title": "Url", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Application", + "type": "object", + }, + }, + { + "name": "bravo_application", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "Application Object", + "icon": "fa-folder", + "order": [ + "name", + "description", + "url", + "icon", + "mappingNames", + "owners", + "roles", + "members", + ], + "properties": { + "_id": { + "description": "Application ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "userEditable": false, + "viewable": false, + }, + "authoritative": { + "description": "Is this an authoritative application", + "searchable": false, + "title": "Authoritative", + "type": "boolean", + "viewable": false, + }, + "connectorId": { + "description": "Id of the connector associated with the application", + "searchable": false, + "title": "Connector ID", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "description": { + "description": "Application Description", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "icon": { + "searchable": true, + "title": "Icon", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mappingNames": { + "description": "Names of the sync mappings used by an application with provisioning configured.", + "items": { + "title": "Mapping Name Items", + "type": "string", + }, + "searchable": true, + "title": "Sync Mapping Names", + "type": "array", + "viewable": true, + }, + "members": { + "description": "Application Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Application name", + "notifyRelationships": [ + "roles", + "members", + ], + "policies": [ + { + "policyId": "unique", + }, + ], + "returnByDefault": true, + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "owners": { + "description": "Application Owners", + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Application _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "ownerOfApp", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Owners", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Roles granting users the application", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/bravo_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ssoEntities": { + "description": "SSO Entity Id", + "properties": { + "idpLocation": { + "type": "string", + }, + "idpPrivateId": { + "type": "string", + }, + "spLocation": { + "type": "string", + }, + "spPrivate": { + "type": "string", + }, + }, + "searchable": false, + "title": "SSO Entity Id", + "type": "object", + "userEditable": false, + "viewable": false, + }, + "templateName": { + "description": "Name of the template the application was created from", + "searchable": false, + "title": "Template Name", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "templateVersion": { + "description": "The template version", + "searchable": false, + "title": "Template Version", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "uiConfig": { + "description": "UI Config", + "isPersonal": false, + "properties": {}, + "searchable": false, + "title": "UI Config", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "url": { + "searchable": true, + "title": "Url", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Application", + "type": "object", + }, + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/policy.idm.json 1`] = ` +{ + "idm": { + "policy": { + "_id": "policy", + "additionalFiles": [], + "resources": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privilegeAssignments.idm.json 1`] = ` +{ + "idm": { + "privilegeAssignments": { + "_id": "privilegeAssignments", + "privilegeAssignments": [ + { + "name": "ownerPrivileges", + "privileges": [ + "owner-view-update-delete-orgs", + "owner-create-orgs", + "owner-view-update-delete-admins-and-members", + "owner-create-admins", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "ownerOfOrg", + }, + { + "name": "adminPrivileges", + "privileges": [ + "admin-view-update-delete-orgs", + "admin-create-orgs", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "adminOfOrg", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privileges.idm.json 1`] = ` +{ + "idm": { + "privileges": { + "_id": "privileges", + "privileges": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openic/GoogleApps.idm.json 1`] = ` +{ + "idm": { + "provisioner.openic/GoogleApps": { + "_id": "provisioner.openic/GoogleApps", + "configurationProperties": { + "availableLicenses": [ + "101005/1010050001", + "101001/1010010001", + "101031/1010310010", + "101034/1010340002", + "101038/1010380002", + "101034/1010340001", + "101038/1010380003", + "101034/1010340004", + "101034/1010340003", + "101034/1010340006", + "Google-Apps/Google-Apps-For-Business", + "101034/1010340005", + "Google-Vault/Google-Vault", + "Google-Apps/1010020031", + "Google-Apps/1010020030", + "Google-Apps/1010060003", + "Google-Apps/1010060005", + "Google-Apps/Google-Apps-Unlimited", + "Google-Apps/1010020029", + "Google-Apps/Google-Apps-Lite", + "101031/1010310003", + "101033/1010330002", + "101033/1010330004", + "Google-Apps/Google-Apps-For-Education", + "101031/1010310002", + "101033/1010330003", + "Google-Apps/1010020026", + "101031/1010310007", + "Google-Apps/1010020025", + "101031/1010310008", + "Google-Apps/1010020028", + "Google-Apps/Google-Apps-For-Postini", + "101031/1010310005", + "Google-Apps/1010020027", + "101031/1010310006", + "101031/1010310009", + "Google-Vault/Google-Vault-Former-Employee", + "101038/1010370001", + "Google-Apps/1010020020", + "Google-Apps/1010060001", + ], + "clientId": "&{esv.gac.client.id}", + "clientSecret": "&{esv.gac.secret}", + "domain": "&{esv.gac.domain}", + "groupsMaxResults": "200", + "listProductAndSkuMaxResults": "100", + "listProductMaxResults": "100", + "membersMaxResults": "200", + "proxyHost": null, + "proxyPort": 8080, + "refreshToken": "&{esv.gac.refresh}", + "roleAssignmentMaxResults": 100, + "roleMaxResults": 100, + "usersMaxResults": "100", + "validateCertificate": true, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", + "bundleVersion": "[1.5.0.0,1.6.0.0)", + "connectorHostRef": "", + "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", + "displayName": "GoogleApps Connector", + "systemType": "provisioner.openicf", + }, + "enabled": { + "$bool": "&{esv.gac.enable.connector}", + }, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__GROUPS__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__GROUPS__", + "nativeType": "string", + "type": "array", + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string", + }, + "__PHOTO__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PHOTO__", + "nativeType": "JAVA_TYPE_BYTE_ARRAY", + "type": "string", + }, + "__SECONDARY_EMAILS__": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__SECONDARY_EMAILS__", + "nativeType": "object", + "type": "array", + }, + "__UID__": { + "nativeName": "__UID__", + "nativeType": "string", + "required": false, + "type": "string", + }, + "addresses": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "addresses", + "nativeType": "object", + "type": "array", + }, + "agreedToTerms": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "agreedToTerms", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "aliases": { + "flags": [ + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "aliases", + "nativeType": "string", + "type": "array", + }, + "archived": { + "nativeName": "archived", + "nativeType": "boolean", + "type": "boolean", + }, + "changePasswordAtNextLogin": { + "nativeName": "changePasswordAtNextLogin", + "nativeType": "boolean", + "type": "boolean", + }, + "creationTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "creationTime", + "nativeType": "string", + "type": "array", + }, + "customSchemas": { + "nativeName": "customSchemas", + "nativeType": "object", + "type": "object", + }, + "customerId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "customerId", + "nativeType": "string", + "type": "string", + }, + "deletionTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "deletionTime", + "nativeType": "string", + "type": "string", + }, + "externalIds": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "externalIds", + "nativeType": "object", + "type": "array", + }, + "familyName": { + "nativeName": "familyName", + "nativeType": "string", + "type": "string", + }, + "fullName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "fullName", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "hashFunction": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "hashFunction", + "nativeType": "string", + "type": "string", + }, + "ims": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "ims", + "nativeType": "object", + "type": "array", + }, + "includeInGlobalAddressList": { + "nativeName": "includeInGlobalAddressList", + "nativeType": "boolean", + "type": "boolean", + }, + "ipWhitelisted": { + "nativeName": "ipWhitelisted", + "nativeType": "boolean", + "type": "boolean", + }, + "isAdmin": { + "nativeName": "isAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isDelegatedAdmin": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isDelegatedAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isEnforcedIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnforcedIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isEnrolledIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnrolledIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isMailboxSetup": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isMailboxSetup", + "nativeType": "boolean", + "type": "boolean", + }, + "languages": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "languages", + "nativeType": "object", + "type": "array", + }, + "lastLoginTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "lastLoginTime", + "nativeType": "string", + "type": "array", + }, + "nonEditableAliases": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "nonEditableAliases", + "nativeType": "string", + "type": "array", + }, + "orgUnitPath": { + "nativeName": "orgUnitPath", + "nativeType": "string", + "type": "string", + }, + "organizations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "organizations", + "nativeType": "object", + "type": "array", + }, + "phones": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "phones", + "nativeType": "object", + "type": "array", + }, + "primaryEmail": { + "nativeName": "primaryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryEmail": { + "nativeName": "recoveryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryPhone": { + "nativeName": "recoveryPhone", + "nativeType": "string", + "type": "string", + }, + "relations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "relations", + "nativeType": "object", + "type": "array", + }, + "suspended": { + "nativeName": "suspended", + "nativeType": "boolean", + "type": "boolean", + }, + "suspensionReason": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "suspensionReason", + "nativeType": "string", + "type": "string", + }, + "thumbnailPhotoUrl": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "thumbnailPhotoUrl", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf.connectorinfoprovider.idm.json 1`] = ` +{ + "idm": { + "provisioner.openicf.connectorinfoprovider": { + "_id": "provisioner.openicf.connectorinfoprovider", + "connectorsLocation": "connectors", + "remoteConnectorClients": [ + { + "enabled": true, + "name": "rcs1", + "useSSL": true, + }, + ], + "remoteConnectorClientsGroups": [], + "remoteConnectorServers": [], + "remoteConnectorServersGroups": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/Azure.idm.json 1`] = ` +{ + "idm": { + "provisioner.openicf/Azure": { + "_id": "provisioner.openicf/Azure", + "configurationProperties": { + "clientId": "4b07adcc-329c-434c-aa83-49a14bef3c49", + "clientSecret": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "W63amdvzlmynT40WOTl1wPWDc8FUlGWQZK158lmlFTrnhy9PbWZV5YE4v3VeMUDC", + "iv": "KG/YFc8v26QHJzRI3uFhzw==", + "keySize": 16, + "mac": "mA4BzCNS7tuLhosQ+es1Tg==", + "purpose": "idm.config.encryption", + "salt": "vvPwKk0KqOqMjElQgICqEA==", + "stableId": "openidm-sym-default", + }, + }, + }, + "httpProxyHost": null, + "httpProxyPassword": null, + "httpProxyPort": null, + "httpProxyUsername": null, + "licenseCacheExpiryTime": 60, + "performHardDelete": true, + "readRateLimit": null, + "tenant": "711ffa9c-5972-4713-ace3-688c9732614a", + "writeRateLimit": null, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.msgraphapi-connector", + "bundleVersion": "1.5.20.21", + "connectorName": "org.forgerock.openicf.connectors.msgraphapi.MSGraphAPIConnector", + "displayName": "MSGraphAPI Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__PASSWORD__": { + "autocomplete": "new-password", + "flags": [ + "NOT_UPDATEABLE", + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string", + }, + "__roles__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__roles__", + "nativeType": "string", + "type": "array", + }, + "__servicePlanIds__": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__servicePlanIds__", + "nativeType": "string", + "type": "array", + }, + "accountEnabled": { + "nativeName": "accountEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "type": "string", + }, + "companyName": { + "nativeName": "companyName", + "nativeType": "string", + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "type": "string", + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "type": "string", + }, + "jobTitle": { + "nativeName": "jobTitle", + "nativeType": "string", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "mailNickname": { + "nativeName": "mailNickname", + "nativeType": "string", + "required": true, + "type": "string", + }, + "manager": { + "nativeName": "manager", + "nativeType": "object", + "type": "object", + }, + "memberOf": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array", + }, + "mobilePhone": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "mobilePhone", + "nativeType": "string", + "type": "string", + }, + "onPremisesImmutableId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "onPremisesImmutableId", + "nativeType": "string", + "type": "string", + }, + "onPremisesSecurityIdentifier": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "onPremisesSecurityIdentifier", + "nativeType": "string", + "type": "string", + }, + "otherMails": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "otherMails", + "nativeType": "string", + "type": "array", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string", + }, + "preferredLanguage": { + "nativeName": "preferredLanguage", + "nativeType": "string", + "type": "string", + }, + "proxyAddresses": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "proxyAddresses", + "nativeType": "string", + "type": "array", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "type": "string", + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string", + }, + "surname": { + "nativeName": "surname", + "nativeType": "string", + "type": "string", + }, + "usageLocation": { + "nativeName": "usageLocation", + "nativeType": "string", + "type": "string", + }, + "userPrincipalName": { + "nativeName": "userPrincipalName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "userType": { + "nativeName": "userType", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "__GROUP__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "groupTypes": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "groupTypes", + "nativeType": "string", + "type": "string", + }, + "id": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "id", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string", + }, + "mailEnabled": { + "nativeName": "mailEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean", + }, + "onPremisesSecurityIdentifier": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "onPremisesSecurityIdentifier", + "nativeType": "string", + "type": "string", + }, + "proxyAddresses": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "proxyAddresses", + "nativeType": "string", + "type": "array", + }, + "securityEnabled": { + "nativeName": "securityEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean", + }, + "type": { + "nativeName": "type", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + "directoryRole": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "directoryRole", + "nativeType": "directoryRole", + "properties": { + "description": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "servicePlan": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "servicePlan", + "nativeType": "servicePlan", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "appliesTo": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "appliesTo", + "nativeType": "string", + "type": "string", + }, + "provisioningStatus": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "provisioningStatus", + "nativeType": "string", + "type": "string", + }, + "servicePlanId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "servicePlanId", + "nativeType": "string", + "type": "string", + }, + "servicePlanName": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "servicePlanName", + "nativeType": "string", + "type": "string", + }, + "subscriberSkuId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "subscriberSkuId", + "type": "string", + }, + }, + "type": "object", + }, + "servicePrincipal": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "servicePrincipal", + "nativeType": "servicePrincipal", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "__addAppRoleAssignedTo__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__addAppRoleAssignedTo__", + "nativeType": "object", + "type": "array", + }, + "__addAppRoleAssignments__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__addAppRoleAssignments__", + "nativeType": "object", + "type": "array", + }, + "__removeAppRoleAssignedTo__": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__removeAppRoleAssignedTo__", + "nativeType": "string", + "type": "array", + }, + "__removeAppRoleAssignments__": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__removeAppRoleAssignments__", + "nativeType": "string", + "type": "array", + }, + "accountEnabled": { + "nativeName": "accountEnabled", + "nativeType": "boolean", + "type": "boolean", + }, + "addIns": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "addIns", + "nativeType": "object", + "type": "array", + }, + "alternativeNames": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "alternativeNames", + "nativeType": "string", + "type": "array", + }, + "appDescription": { + "nativeName": "appDescription", + "nativeType": "string", + "type": "string", + }, + "appDisplayName": { + "nativeName": "appDisplayName", + "nativeType": "string", + "type": "string", + }, + "appId": { + "nativeName": "appId", + "nativeType": "string", + "type": "string", + }, + "appOwnerOrganizationId": { + "nativeName": "appOwnerOrganizationId", + "nativeType": "string", + "type": "string", + }, + "appRoleAssignmentRequired": { + "nativeName": "appRoleAssignmentRequired", + "nativeType": "boolean", + "type": "boolean", + }, + "appRoles": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "appRoles", + "nativeType": "object", + "type": "array", + }, + "applicationTemplateId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "applicationTemplateId", + "nativeType": "string", + "type": "string", + }, + "deletedDateTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "deletedDateTime", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "disabledByMicrosoftStatus": { + "nativeName": "disabledByMicrosoftStatus", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "homepage": { + "nativeName": "homepage", + "nativeType": "string", + "type": "string", + }, + "info": { + "nativeName": "info", + "nativeType": "object", + "type": "object", + }, + "keyCredentials": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "keyCredentials", + "nativeType": "object", + "type": "array", + }, + "loginUrl": { + "nativeName": "loginUrl", + "nativeType": "string", + "type": "string", + }, + "logoutUrl": { + "nativeName": "logoutUrl", + "nativeType": "string", + "type": "string", + }, + "notes": { + "nativeName": "notes", + "nativeType": "string", + "type": "string", + }, + "notificationEmailAddresses": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "notificationEmailAddresses", + "nativeType": "string", + "type": "array", + }, + "oauth2PermissionScopes": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "oauth2PermissionScopes", + "nativeType": "object", + "type": "array", + }, + "passwordCredentials": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "passwordCredentials", + "nativeType": "object", + "type": "array", + }, + "preferredSingleSignOnMode": { + "nativeName": "preferredSingleSignOnMode", + "nativeType": "string", + "type": "string", + }, + "replyUrls": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "replyUrls", + "nativeType": "string", + "type": "array", + }, + "resourceSpecificApplicationPermissions": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "resourceSpecificApplicationPermissions", + "nativeType": "object", + "type": "array", + }, + "samlSingleSignOnSettings": { + "nativeName": "samlSingleSignOnSettings", + "nativeType": "object", + "type": "object", + }, + "servicePrincipalNames": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "servicePrincipalNames", + "nativeType": "string", + "type": "array", + }, + "servicePrincipalType": { + "nativeName": "servicePrincipalType", + "nativeType": "string", + "type": "string", + }, + "signInAudience": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "signInAudience", + "nativeType": "string", + "type": "string", + }, + "tags": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "tags", + "nativeType": "string", + "type": "array", + }, + "tokenEncryptionKeyId": { + "nativeName": "tokenEncryptionKeyId", + "nativeType": "string", + "type": "string", + }, + "verifiedPublisher": { + "nativeName": "verifiedPublisher", + "nativeType": "object", + "type": "object", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/GoogleApps.idm.json 1`] = ` +{ + "idm": { + "provisioner.openicf/GoogleApps": { + "_id": "provisioner.openicf/GoogleApps", + "configurationProperties": { + "availableLicenses": [ + "101005/1010050001", + "101001/1010010001", + "101031/1010310010", + "101034/1010340002", + "101038/1010380002", + "101034/1010340001", + "101038/1010380003", + "101034/1010340004", + "101034/1010340003", + "101034/1010340006", + "Google-Apps/Google-Apps-For-Business", + "101034/1010340005", + "Google-Vault/Google-Vault", + "Google-Apps/1010020031", + "Google-Apps/1010020030", + "Google-Apps/1010060003", + "Google-Apps/1010060005", + "Google-Apps/Google-Apps-Unlimited", + "Google-Apps/1010020029", + "Google-Apps/Google-Apps-Lite", + "101031/1010310003", + "101033/1010330002", + "101033/1010330004", + "Google-Apps/Google-Apps-For-Education", + "101031/1010310002", + "101033/1010330003", + "Google-Apps/1010020026", + "101031/1010310007", + "Google-Apps/1010020025", + "101031/1010310008", + "Google-Apps/1010020028", + "Google-Apps/Google-Apps-For-Postini", + "101031/1010310005", + "Google-Apps/1010020027", + "101031/1010310006", + "101031/1010310009", + "Google-Vault/Google-Vault-Former-Employee", + "101038/1010370001", + "Google-Apps/1010020020", + "Google-Apps/1010060001", + ], + "clientId": "&{esv.gac.client.id}", + "clientSecret": "&{esv.gac.secret}", + "domain": "&{esv.gac.domain}", + "groupsMaxResults": "200", + "listProductAndSkuMaxResults": "100", + "listProductMaxResults": "100", + "membersMaxResults": "200", + "proxyHost": null, + "proxyPort": 8080, + "refreshToken": "&{esv.gac.refresh}", + "roleAssignmentMaxResults": 100, + "roleMaxResults": 100, + "usersMaxResults": "100", + "validateCertificate": true, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", + "bundleVersion": "[1.5.0.0,1.6.0.0)", + "connectorHostRef": "", + "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", + "displayName": "GoogleApps Connector", + "systemType": "provisioner.openicf", + }, + "enabled": { + "$bool": "&{esv.gac.enable.connector}", + }, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__GROUPS__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__GROUPS__", + "nativeType": "string", + "type": "array", + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string", + }, + "__PHOTO__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PHOTO__", + "nativeType": "JAVA_TYPE_BYTE_ARRAY", + "type": "string", + }, + "__SECONDARY_EMAILS__": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__SECONDARY_EMAILS__", + "nativeType": "object", + "type": "array", + }, + "__UID__": { + "nativeName": "__UID__", + "nativeType": "string", + "required": false, + "type": "string", + }, + "addresses": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "addresses", + "nativeType": "object", + "type": "array", + }, + "agreedToTerms": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "agreedToTerms", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "aliases": { + "flags": [ + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "aliases", + "nativeType": "string", + "type": "array", + }, + "archived": { + "nativeName": "archived", + "nativeType": "boolean", + "type": "boolean", + }, + "changePasswordAtNextLogin": { + "nativeName": "changePasswordAtNextLogin", + "nativeType": "boolean", + "type": "boolean", + }, + "creationTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "creationTime", + "nativeType": "string", + "type": "array", + }, + "customSchemas": { + "nativeName": "customSchemas", + "nativeType": "object", + "type": "object", + }, + "customerId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "customerId", + "nativeType": "string", + "type": "string", + }, + "deletionTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "deletionTime", + "nativeType": "string", + "type": "string", + }, + "externalIds": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "externalIds", + "nativeType": "object", + "type": "array", + }, + "familyName": { + "nativeName": "familyName", + "nativeType": "string", + "type": "string", + }, + "fullName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "fullName", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "hashFunction": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "hashFunction", + "nativeType": "string", + "type": "string", + }, + "ims": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "ims", + "nativeType": "object", + "type": "array", + }, + "includeInGlobalAddressList": { + "nativeName": "includeInGlobalAddressList", + "nativeType": "boolean", + "type": "boolean", + }, + "ipWhitelisted": { + "nativeName": "ipWhitelisted", + "nativeType": "boolean", + "type": "boolean", + }, + "isAdmin": { + "nativeName": "isAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isDelegatedAdmin": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isDelegatedAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isEnforcedIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnforcedIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isEnrolledIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnrolledIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isMailboxSetup": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isMailboxSetup", + "nativeType": "boolean", + "type": "boolean", + }, + "languages": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "languages", + "nativeType": "object", + "type": "array", + }, + "lastLoginTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "lastLoginTime", + "nativeType": "string", + "type": "array", + }, + "nonEditableAliases": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "nonEditableAliases", + "nativeType": "string", + "type": "array", + }, + "orgUnitPath": { + "nativeName": "orgUnitPath", + "nativeType": "string", + "type": "string", + }, + "organizations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "organizations", + "nativeType": "object", + "type": "array", + }, + "phones": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "phones", + "nativeType": "object", + "type": "array", + }, + "primaryEmail": { + "nativeName": "primaryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryEmail": { + "nativeName": "recoveryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryPhone": { + "nativeName": "recoveryPhone", + "nativeType": "string", + "type": "string", + }, + "relations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "relations", + "nativeType": "object", + "type": "array", + }, + "suspended": { + "nativeName": "suspended", + "nativeType": "boolean", + "type": "boolean", + }, + "suspensionReason": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "suspensionReason", + "nativeType": "string", + "type": "string", + }, + "thumbnailPhotoUrl": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "thumbnailPhotoUrl", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/repo.ds.idm.json 1`] = ` +{ + "idm": { + "repo.ds": { + "_id": "repo.ds", + "commands": { + "delete-mapping-links": { + "_queryFilter": "/linkType eq "\${mapping}"", + "operation": "DELETE", + }, + "delete-target-ids-for-recon": { + "_queryFilter": "/reconId eq "\${reconId}"", + "operation": "DELETE", + }, + }, + "embedded": false, + "ldapConnectionFactories": { + "bind": { + "availabilityCheckIntervalSeconds": 30, + "availabilityCheckTimeoutMilliSeconds": 10000, + "connectionPoolSize": 50, + "connectionSecurity": "none", + "heartBeatIntervalSeconds": 60, + "heartBeatTimeoutMilliSeconds": 10000, + "primaryLdapServers": [ + { + "hostname": "userstore-0.userstore", + "port": 1389, + }, + ], + "secondaryLdapServers": [ + { + "hostname": "userstore-2.userstore", + "port": 1389, + }, + ], + }, + "root": { + "authentication": { + "simple": { + "bindDn": "uid=admin", + "bindPassword": "&{userstore.password}", + }, + }, + "inheritFrom": "bind", + }, + }, + "maxConnectionAttempts": 5, + "queries": { + "explicit": { + "credential-internaluser-query": { + "_queryFilter": "/_id eq "\${username}"", + }, + "credential-query": { + "_queryFilter": "/userName eq "\${username}"", + }, + "for-userName": { + "_queryFilter": "/userName eq "\${uid}"", + }, + "links-for-firstId": { + "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", + }, + "links-for-linkType": { + "_queryFilter": "/linkType eq "\${linkType}"", + }, + "query-all": { + "_queryFilter": "true", + }, + "query-all-ids": { + "_fields": "_id,_rev", + "_queryFilter": "true", + }, + }, + "generic": { + "credential-internaluser-query": { + "_queryFilter": "/_id eq "\${username}"", + }, + "credential-query": { + "_queryFilter": "/userName eq "\${username}"", + }, + "find-relationship-edges": { + "_queryFilter": "((/firstResourceCollection eq "\${firstResourceCollection}" and /firstResourceId eq "\${firstResourceId}" and /firstPropertyName eq "\${firstPropertyName}") and (/secondResourceCollection eq "\${secondResourceCollection}" and /secondResourceId eq "\${secondResourceId}" and /secondPropertyName eq "\${secondPropertyName}")) or ((/firstResourceCollection eq "\${secondResourceCollection}" and /firstResourceId eq "\${secondResourceId}" and /firstPropertyName eq "\${secondPropertyName}") and (/secondResourceCollection eq "\${firstResourceCollection}" and /secondResourceId eq "\${firstResourceId}" and /secondPropertyName eq "\${firstPropertyName}"))", + }, + "find-relationships-for-resource": { + "_queryFilter": "(/firstResourceCollection eq "\${resourceCollection}" and /firstResourceId eq "\${resourceId}" and /firstPropertyName eq "\${propertyName}") or (/secondResourceCollection eq "\${resourceCollection}" and /secondResourceId eq "\${resourceId}" and /secondPropertyName eq "\${propertyName}")", + }, + "for-userName": { + "_queryFilter": "/userName eq "\${uid}"", + }, + "get-by-field-value": { + "_queryFilter": "/\${field} eq "\${value}"", + }, + "get-notifications-for-user": { + "_queryFilter": "/receiverId eq "\${userId}"", + "_sortKeys": "-createDate", + }, + "get-recons": { + "_fields": "reconId,mapping,activitydate", + "_queryFilter": "/entryType eq "summary"", + "_sortKeys": "-activitydate", + }, + "links-for-firstId": { + "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", + }, + "links-for-linkType": { + "_queryFilter": "/linkType eq "\${linkType}"", + }, + "query-all": { + "_queryFilter": "true", + }, + "query-all-ids": { + "_fields": "_id,_rev", + "_queryFilter": "true", + }, + "query-cluster-events": { + "_queryFilter": "/instanceId eq "\${instanceId}"", + }, + "query-cluster-failed-instances": { + "_queryFilter": "/timestamp le \${timestamp} and (/state eq "1" or /state eq "2")", + }, + "query-cluster-instances": { + "_queryFilter": "true", + }, + "query-cluster-running-instances": { + "_queryFilter": "/state eq 1", + }, + }, + }, + "resourceMapping": { + "defaultMapping": { + "dnTemplate": "ou=generic,dc=openidm,dc=example,dc=com", + }, + "explicitMapping": { + "clusteredrecontargetids": { + "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-recon-clusteredTargetIds", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "reconId": { + "ldapAttribute": "fr-idm-recon-id", + "type": "simple", + }, + "targetIds": { + "ldapAttribute": "fr-idm-recon-targetIds", + "type": "json", + }, + }, + }, + "dsconfig/attributeValue": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-attribute-value-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "matchAttribute": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-match-attribute", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, + }, + "dsconfig/characterSet": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-character-set-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "allowUnclassifiedCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-allow-unclassified-characters", + "type": "simple", + }, + "characterSet": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-character-set", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minCharacterSets": { + "ldapAttribute": "ds-cfg-min-character-sets", + "type": "simple", + }, + }, + }, + "dsconfig/dictionary": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-dictionary-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "dictionaryFile": { + "isRequired": true, + "ldapAttribute": "ds-cfg-dictionary-file", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, + }, + "dsconfig/lengthBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-length-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxPasswordLength": { + "ldapAttribute": "ds-cfg-max-password-length", + "type": "simple", + }, + "minPasswordLength": { + "ldapAttribute": "ds-cfg-min-password-length", + "type": "simple", + }, + }, + }, + "dsconfig/passwordPolicies": { + "dnTemplate": "cn=Password Policies,cn=config", + "objectClasses": [ + "ds-cfg-password-policy", + "ds-cfg-authentication-policy", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "allowPreEncodedPasswords": { + "ldapAttribute": "ds-cfg-allow-pre-encoded-passwords", + "type": "simple", + }, + "defaultPasswordStorageScheme": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-default-password-storage-scheme", + "type": "simple", + }, + "deprecatedPasswordStorageScheme": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-deprecated-password-storage-scheme", + "type": "simple", + }, + "maxPasswordAge": { + "ldapAttribute": "ds-cfg-max-password-age", + "type": "simple", + }, + "passwordAttribute": { + "isRequired": true, + "ldapAttribute": "ds-cfg-password-attribute", + "type": "simple", + }, + "passwordHistoryCount": { + "ldapAttribute": "ds-cfg-password-history-count", + "type": "simple", + }, + "validator": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-password-validator", + "type": "simple", + }, + }, + }, + "dsconfig/repeatedCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-repeated-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxConsecutiveLength": { + "isRequired": true, + "ldapAttribute": "ds-cfg-max-consecutive-length", + "type": "simple", + }, + }, + }, + "dsconfig/similarityBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-similarity-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minPasswordDifference": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-password-difference", + "type": "simple", + }, + }, + }, + "dsconfig/uniqueCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-unique-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minUniqueCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-unique-characters", + "type": "simple", + }, + }, + }, + "dsconfig/userDefinedVirtualAttribute": { + "dnTemplate": "cn=Virtual Attributes,cn=config", + "objectClasses": [ + "ds-cfg-user-defined-virtual-attribute", + "ds-cfg-virtual-attribute", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "attributeType": { + "isRequired": true, + "ldapAttribute": "ds-cfg-attribute-type", + "type": "simple", + }, + "baseDn": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-base-dn", + "type": "simple", + }, + "conflictBehavior": { + "ldapAttribute": "ds-cfg-conflict-behavior", + "type": "simple", + }, + "enabled": { + "isRequired": true, + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "filter": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-filter", + "type": "simple", + }, + "groupDn": { + "ldapAttribute": "ds-cfg-group-dn", + "type": "simple", + }, + "javaClass": { + "isRequired": true, + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "scope": { + "ldapAttribute": "ds-cfg-scope", + "type": "simple", + }, + "value": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-value", + "type": "simple", + }, + }, + }, + "identities/admin": { + "dnTemplate": "o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming", + }, + "objectClasses": [ + "organizationalunit", + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple", + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly", + }, + }, + }, + "identities/alpha": { + "dnTemplate": "o=alpha,o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming", + }, + "objectClasses": [ + "organizationalunit", + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple", + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly", + }, + }, + }, + "identities/bravo": { + "dnTemplate": "o=bravo,o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming", + }, + "objectClasses": [ + "organizationalunit", + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple", + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly", + }, + }, + }, + "internal/role": { + "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "fr-idm-internal-role", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "authzMembers": { + "isMultiValued": true, + "propertyName": "authzRoles", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "condition": { + "ldapAttribute": "fr-idm-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "name": { + "ldapAttribute": "fr-idm-name", + "type": "simple", + }, + "privileges": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-privilege", + "type": "json", + }, + "temporalConstraints": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-temporal-constraints", + "type": "json", + }, + }, + }, + "internal/user": { + "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-internal-user", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "password": { + "ldapAttribute": "fr-idm-password", + "type": "json", + }, + }, + }, + "link": { + "dnTemplate": "ou=links,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-link", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "firstId": { + "ldapAttribute": "fr-idm-link-firstId", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-link-qualifier", + "type": "simple", + }, + "linkType": { + "ldapAttribute": "fr-idm-link-type", + "type": "simple", + }, + "secondId": { + "ldapAttribute": "fr-idm-link-secondId", + "type": "simple", + }, + }, + }, + "locks": { + "dnTemplate": "ou=locks,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-lock", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "nodeId": { + "ldapAttribute": "fr-idm-lock-nodeid", + "type": "simple", + }, + }, + }, + "managed/teammember": { + "dnTemplate": "ou=people,o=root,ou=identities", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "fraas-admin", + "iplanet-am-user-service", + "deviceProfilesContainer", + "devicePrintProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple", + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/teammembermeta", + "type": "reference", + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple", + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple", + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple", + }, + "inviteDate": { + "ldapAttribute": "fr-idm-inviteDate", + "type": "simple", + }, + "jurisdiction": { + "ldapAttribute": "fr-idm-jurisdiction", + "type": "simple", + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple", + }, + "onboardDate": { + "ldapAttribute": "fr-idm-onboardDate", + "type": "simple", + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple", + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple", + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple", + }, + }, + }, + "managed/teammembergroup": { + "dnTemplate": "ou=groups,o=root,ou=identities", + "objectClasses": [ + "groupofuniquenames", + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + }, + "members": { + "isMultiValued": true, + "ldapAttribute": "uniqueMember", + "type": "simple", + }, + }, + }, + "recon/assoc": { + "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=example,dc=com", + "namingStrategy": { + "dnAttribute": "fr-idm-reconassoc-reconid", + "type": "clientDnNaming", + }, + "objectClasses": [ + "fr-idm-reconassoc", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "fr-idm-reconassoc-reconid", + "type": "simple", + }, + "finishTime": { + "ldapAttribute": "fr-idm-reconassoc-finishtime", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "subResources": { + "entry": { + "namingStrategy": { + "dnAttribute": "uid", + "type": "clientDnNaming", + }, + "resource": "recon-assoc-entry", + "type": "collection", + }, + }, + }, + "recon/assoc/entry": { + "objectClasses": [ + "uidObject", + "fr-idm-reconassocentry", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + }, + "action": { + "ldapAttribute": "fr-idm-reconassocentry-action", + "type": "simple", + }, + "ambiguousTargetObjectIds": { + "ldapAttribute": "fr-idm-reconassocentry-ambiguoustargetobjectids", + "type": "simple", + }, + "exception": { + "ldapAttribute": "fr-idm-reconassocentry-exception", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-reconassocentry-linkqualifier", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "message": { + "ldapAttribute": "fr-idm-reconassocentry-message", + "type": "simple", + }, + "messageDetail": { + "ldapAttribute": "fr-idm-reconassocentry-messagedetail", + "type": "simple", + }, + "phase": { + "ldapAttribute": "fr-idm-reconassocentry-phase", + "type": "simple", + }, + "reconId": { + "ldapAttribute": "fr-idm-reconassocentry-reconid", + "type": "simple", + }, + "situation": { + "ldapAttribute": "fr-idm-reconassocentry-situation", + "type": "simple", + }, + "sourceObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-sourceObjectId", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "status": { + "ldapAttribute": "fr-idm-reconassocentry-status", + "type": "simple", + }, + "targetObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-targetObjectId", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "resourceName": "recon-assoc-entry", + "subResourceRouting": [ + { + "prefix": "entry", + "template": "recon/assoc/{reconId}/entry", + }, + ], + }, + "sync/queue": { + "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-syncqueue", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "context": { + "ldapAttribute": "fr-idm-syncqueue-context", + "type": "json", + }, + "createDate": { + "ldapAttribute": "fr-idm-syncqueue-createdate", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-syncqueue-mapping", + "type": "simple", + }, + "newObject": { + "ldapAttribute": "fr-idm-syncqueue-newobject", + "type": "json", + }, + "nodeId": { + "ldapAttribute": "fr-idm-syncqueue-nodeid", + "type": "simple", + }, + "objectRev": { + "ldapAttribute": "fr-idm-syncqueue-objectRev", + "type": "simple", + }, + "oldObject": { + "ldapAttribute": "fr-idm-syncqueue-oldobject", + "type": "json", + }, + "remainingRetries": { + "ldapAttribute": "fr-idm-syncqueue-remainingretries", + "type": "simple", + }, + "resourceCollection": { + "ldapAttribute": "fr-idm-syncqueue-resourcecollection", + "type": "simple", + }, + "resourceId": { + "ldapAttribute": "fr-idm-syncqueue-resourceid", + "type": "simple", + }, + "state": { + "ldapAttribute": "fr-idm-syncqueue-state", + "type": "simple", + }, + "syncAction": { + "ldapAttribute": "fr-idm-syncqueue-syncaction", + "type": "simple", + }, + }, + }, + }, + "genericMapping": { + "cluster/*": { + "dnTemplate": "ou=cluster,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-cluster-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", + "objectClasses": [ + "uidObject", + "fr-idm-cluster-obj", + ], + }, + "config": { + "dnTemplate": "ou=config,dc=openidm,dc=example,dc=com", + }, + "file": { + "dnTemplate": "ou=file,dc=openidm,dc=example,dc=com", + }, + "internal/notification": { + "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-notification-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-notification", + ], + "properties": { + "target": { + "propertyName": "_notifications", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "internal/usermeta": { + "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "jsonstorage": { + "dnTemplate": "ou=jsonstorage,dc=openidm,dc=example,dc=com", + }, + "managed/*": { + "dnTemplate": "ou=managed,dc=openidm,dc=example,dc=com", + }, + "managed/alpha_group": { + "dnTemplate": "ou=groups,o=alpha,o=root,ou=identities", + "idGenerator": { + "propertyName": "name", + "type": "property", + }, + "jsonAttribute": "fr-idm-managed-group-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "cn", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "top", + "groupOfURLs", + "fr-idm-managed-group", + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + "writability": "createOnly", + }, + "condition": { + "ldapAttribute": "fr-idm-managed-group-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "members": { + "isMultiValued": true, + "propertyName": "groups", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "managed/alpha_organization": { + "dnTemplate": "ou=organization,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "uid", + "type": "simple", + }, + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/alpha_organization", + "type": "reverseReference", + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple", + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + }, + }, + "managed/alpha_role": { + "dnTemplate": "ou=role,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role", + ], + "properties": { + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "managed/alpha_user": { + "dnTemplate": "ou=user,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-custom-attrs", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "iplanet-am-user-service", + "devicePrintProfilesContainer", + "deviceProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple", + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/alpha_usermeta", + "type": "reference", + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference", + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple", + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + "aliasList": { + "isMultiValued": true, + "ldapAttribute": "iplanet-am-user-alias-list", + "type": "simple", + }, + "assignedDashboard": { + "isMultiValued": true, + "ldapAttribute": "assignedDashboard", + "type": "simple", + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference", + }, + "city": { + "ldapAttribute": "l", + "type": "simple", + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple", + }, + "consentedMappings": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-consentedMapping", + "type": "json", + }, + "country": { + "ldapAttribute": "co", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "displayName": { + "ldapAttribute": "displayName", + "type": "simple", + }, + "effectiveAssignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveAssignment", + "type": "json", + }, + "effectiveGroups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveGroup", + "type": "json", + }, + "effectiveRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveRole", + "type": "json", + }, + "frIndexedDate1": { + "ldapAttribute": "fr-attr-idate1", + "type": "simple", + }, + "frIndexedDate2": { + "ldapAttribute": "fr-attr-idate2", + "type": "simple", + }, + "frIndexedDate3": { + "ldapAttribute": "fr-attr-idate3", + "type": "simple", + }, + "frIndexedDate4": { + "ldapAttribute": "fr-attr-idate4", + "type": "simple", + }, + "frIndexedDate5": { + "ldapAttribute": "fr-attr-idate5", + "type": "simple", + }, + "frIndexedInteger1": { + "ldapAttribute": "fr-attr-iint1", + "type": "simple", + }, + "frIndexedInteger2": { + "ldapAttribute": "fr-attr-iint2", + "type": "simple", + }, + "frIndexedInteger3": { + "ldapAttribute": "fr-attr-iint3", + "type": "simple", + }, + "frIndexedInteger4": { + "ldapAttribute": "fr-attr-iint4", + "type": "simple", + }, + "frIndexedInteger5": { + "ldapAttribute": "fr-attr-iint5", + "type": "simple", + }, + "frIndexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti1", + "type": "simple", + }, + "frIndexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti2", + "type": "simple", + }, + "frIndexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti3", + "type": "simple", + }, + "frIndexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti4", + "type": "simple", + }, + "frIndexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti5", + "type": "simple", + }, + "frIndexedString1": { + "ldapAttribute": "fr-attr-istr1", + "type": "simple", + }, + "frIndexedString2": { + "ldapAttribute": "fr-attr-istr2", + "type": "simple", + }, + "frIndexedString3": { + "ldapAttribute": "fr-attr-istr3", + "type": "simple", + }, + "frIndexedString4": { + "ldapAttribute": "fr-attr-istr4", + "type": "simple", + }, + "frIndexedString5": { + "ldapAttribute": "fr-attr-istr5", + "type": "simple", + }, + "frUnindexedDate1": { + "ldapAttribute": "fr-attr-date1", + "type": "simple", + }, + "frUnindexedDate2": { + "ldapAttribute": "fr-attr-date2", + "type": "simple", + }, + "frUnindexedDate3": { + "ldapAttribute": "fr-attr-date3", + "type": "simple", + }, + "frUnindexedDate4": { + "ldapAttribute": "fr-attr-date4", + "type": "simple", + }, + "frUnindexedDate5": { + "ldapAttribute": "fr-attr-date5", + "type": "simple", + }, + "frUnindexedInteger1": { + "ldapAttribute": "fr-attr-int1", + "type": "simple", + }, + "frUnindexedInteger2": { + "ldapAttribute": "fr-attr-int2", + "type": "simple", + }, + "frUnindexedInteger3": { + "ldapAttribute": "fr-attr-int3", + "type": "simple", + }, + "frUnindexedInteger4": { + "ldapAttribute": "fr-attr-int4", + "type": "simple", + }, + "frUnindexedInteger5": { + "ldapAttribute": "fr-attr-int5", + "type": "simple", + }, + "frUnindexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi1", + "type": "simple", + }, + "frUnindexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi2", + "type": "simple", + }, + "frUnindexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi3", + "type": "simple", + }, + "frUnindexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi4", + "type": "simple", + }, + "frUnindexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi5", + "type": "simple", + }, + "frUnindexedString1": { + "ldapAttribute": "fr-attr-str1", + "type": "simple", + }, + "frUnindexedString2": { + "ldapAttribute": "fr-attr-str2", + "type": "simple", + }, + "frUnindexedString3": { + "ldapAttribute": "fr-attr-str3", + "type": "simple", + }, + "frUnindexedString4": { + "ldapAttribute": "fr-attr-str4", + "type": "simple", + }, + "frUnindexedString5": { + "ldapAttribute": "fr-attr-str5", + "type": "simple", + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple", + }, + "groups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-groups", + "primaryKey": "cn", + "resourcePath": "managed/alpha_group", + "type": "reference", + }, + "kbaInfo": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-kbaInfo", + "type": "json", + }, + "lastSync": { + "ldapAttribute": "fr-idm-lastSync", + "type": "json", + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple", + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/alpha_user", + "type": "reference", + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + "memberOfOrgIDs": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-memberoforgid", + "type": "simple", + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple", + }, + "postalAddress": { + "ldapAttribute": "street", + "type": "simple", + }, + "postalCode": { + "ldapAttribute": "postalCode", + "type": "simple", + }, + "preferences": { + "ldapAttribute": "fr-idm-preferences", + "type": "json", + }, + "profileImage": { + "ldapAttribute": "labeledURI", + "type": "simple", + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/alpha_role", + "type": "reference", + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple", + }, + "stateProvince": { + "ldapAttribute": "st", + "type": "simple", + }, + "telephoneNumber": { + "ldapAttribute": "telephoneNumber", + "type": "simple", + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple", + }, + }, + }, + "managed/alpha_usermeta": { + "dnTemplate": "ou=usermeta,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "managed/bravo_group": { + "dnTemplate": "ou=groups,o=bravo,o=root,ou=identities", + "idGenerator": { + "propertyName": "name", + "type": "property", + }, + "jsonAttribute": "fr-idm-managed-group-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "cn", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "top", + "groupOfURLs", + "fr-idm-managed-group", + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + "writability": "createOnly", + }, + "condition": { + "ldapAttribute": "fr-idm-managed-group-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "members": { + "isMultiValued": true, + "propertyName": "groups", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + }, + }, + "managed/bravo_organization": { + "dnTemplate": "ou=organization,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "uid", + "type": "simple", + }, + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/bravo_organization", + "type": "reverseReference", + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple", + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + }, + }, + "managed/bravo_role": { + "dnTemplate": "ou=role,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role", + ], + "properties": { + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + }, + }, + "managed/bravo_user": { + "dnTemplate": "ou=user,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-custom-attrs", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "iplanet-am-user-service", + "devicePrintProfilesContainer", + "deviceProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple", + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/bravo_usermeta", + "type": "reference", + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference", + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple", + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + "aliasList": { + "isMultiValued": true, + "ldapAttribute": "iplanet-am-user-alias-list", + "type": "simple", + }, + "assignedDashboard": { + "isMultiValued": true, + "ldapAttribute": "assignedDashboard", + "type": "simple", + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference", + }, + "city": { + "ldapAttribute": "l", + "type": "simple", + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple", + }, + "consentedMappings": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-consentedMapping", + "type": "json", + }, + "country": { + "ldapAttribute": "co", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "displayName": { + "ldapAttribute": "displayName", + "type": "simple", + }, + "effectiveAssignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveAssignment", + "type": "json", + }, + "effectiveGroups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveGroup", + "type": "json", + }, + "effectiveRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveRole", + "type": "json", + }, + "frIndexedDate1": { + "ldapAttribute": "fr-attr-idate1", + "type": "simple", + }, + "frIndexedDate2": { + "ldapAttribute": "fr-attr-idate2", + "type": "simple", + }, + "frIndexedDate3": { + "ldapAttribute": "fr-attr-idate3", + "type": "simple", + }, + "frIndexedDate4": { + "ldapAttribute": "fr-attr-idate4", + "type": "simple", + }, + "frIndexedDate5": { + "ldapAttribute": "fr-attr-idate5", + "type": "simple", + }, + "frIndexedInteger1": { + "ldapAttribute": "fr-attr-iint1", + "type": "simple", + }, + "frIndexedInteger2": { + "ldapAttribute": "fr-attr-iint2", + "type": "simple", + }, + "frIndexedInteger3": { + "ldapAttribute": "fr-attr-iint3", + "type": "simple", + }, + "frIndexedInteger4": { + "ldapAttribute": "fr-attr-iint4", + "type": "simple", + }, + "frIndexedInteger5": { + "ldapAttribute": "fr-attr-iint5", + "type": "simple", + }, + "frIndexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti1", + "type": "simple", + }, + "frIndexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti2", + "type": "simple", + }, + "frIndexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti3", + "type": "simple", + }, + "frIndexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti4", + "type": "simple", + }, + "frIndexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti5", + "type": "simple", + }, + "frIndexedString1": { + "ldapAttribute": "fr-attr-istr1", + "type": "simple", + }, + "frIndexedString2": { + "ldapAttribute": "fr-attr-istr2", + "type": "simple", + }, + "frIndexedString3": { + "ldapAttribute": "fr-attr-istr3", + "type": "simple", + }, + "frIndexedString4": { + "ldapAttribute": "fr-attr-istr4", + "type": "simple", + }, + "frIndexedString5": { + "ldapAttribute": "fr-attr-istr5", + "type": "simple", + }, + "frUnindexedDate1": { + "ldapAttribute": "fr-attr-date1", + "type": "simple", + }, + "frUnindexedDate2": { + "ldapAttribute": "fr-attr-date2", + "type": "simple", + }, + "frUnindexedDate3": { + "ldapAttribute": "fr-attr-date3", + "type": "simple", + }, + "frUnindexedDate4": { + "ldapAttribute": "fr-attr-date4", + "type": "simple", + }, + "frUnindexedDate5": { + "ldapAttribute": "fr-attr-date5", + "type": "simple", + }, + "frUnindexedInteger1": { + "ldapAttribute": "fr-attr-int1", + "type": "simple", + }, + "frUnindexedInteger2": { + "ldapAttribute": "fr-attr-int2", + "type": "simple", + }, + "frUnindexedInteger3": { + "ldapAttribute": "fr-attr-int3", + "type": "simple", + }, + "frUnindexedInteger4": { + "ldapAttribute": "fr-attr-int4", + "type": "simple", + }, + "frUnindexedInteger5": { + "ldapAttribute": "fr-attr-int5", + "type": "simple", + }, + "frUnindexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi1", + "type": "simple", + }, + "frUnindexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi2", + "type": "simple", + }, + "frUnindexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi3", + "type": "simple", + }, + "frUnindexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi4", + "type": "simple", + }, + "frUnindexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi5", + "type": "simple", + }, + "frUnindexedString1": { + "ldapAttribute": "fr-attr-str1", + "type": "simple", + }, + "frUnindexedString2": { + "ldapAttribute": "fr-attr-str2", + "type": "simple", + }, + "frUnindexedString3": { + "ldapAttribute": "fr-attr-str3", + "type": "simple", + }, + "frUnindexedString4": { + "ldapAttribute": "fr-attr-str4", + "type": "simple", + }, + "frUnindexedString5": { + "ldapAttribute": "fr-attr-str5", + "type": "simple", + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple", + }, + "groups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-groups", + "primaryKey": "cn", + "resourcePath": "managed/bravo_group", + "type": "reference", + }, + "kbaInfo": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-kbaInfo", + "type": "json", + }, + "lastSync": { + "ldapAttribute": "fr-idm-lastSync", + "type": "json", + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple", + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/bravo_user", + "type": "reference", + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + "memberOfOrgIDs": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-memberoforgid", + "type": "simple", + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple", + }, + "postalAddress": { + "ldapAttribute": "street", + "type": "simple", + }, + "postalCode": { + "ldapAttribute": "postalCode", + "type": "simple", + }, + "preferences": { + "ldapAttribute": "fr-idm-preferences", + "type": "json", + }, + "profileImage": { + "ldapAttribute": "labeledURI", + "type": "simple", + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/bravo_role", + "type": "reference", + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple", + }, + "stateProvince": { + "ldapAttribute": "st", + "type": "simple", + }, + "telephoneNumber": { + "ldapAttribute": "telephoneNumber", + "type": "simple", + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple", + }, + }, + }, + "managed/bravo_usermeta": { + "dnTemplate": "ou=usermeta,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + }, + }, + "managed/teammembermeta": { + "dnTemplate": "ou=teammembermeta,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/teammember", + "type": "reverseReference", + }, + }, + }, + "reconprogressstate": { + "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=example,dc=com", + }, + "relationships": { + "dnTemplate": "ou=relationships,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-relationship-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", + "objectClasses": [ + "uidObject", + "fr-idm-relationship", + ], + }, + "scheduler": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", + }, + "scheduler/*": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", + }, + "ui/*": { + "dnTemplate": "ou=ui,dc=openidm,dc=example,dc=com", + }, + "updates": { + "dnTemplate": "ou=updates,dc=openidm,dc=example,dc=com", + }, + }, + }, + "rest2LdapOptions": { + "mvccAttribute": "etag", + "readOnUpdatePolicy": "controls", + "returnNullForMissingProperties": true, + "useMvcc": true, + "usePermissiveModify": true, + "useSubtreeDelete": true, + }, + "security": { + "keyManager": "jvm", + "trustManager": "jvm", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/router.idm.json 1`] = ` +{ + "idm": { + "router": { + "_id": "router", + "filters": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/script.idm.json 1`] = ` +{ + "idm": { + "script": { + "ECMAScript": { + "#javascript.debug": "&{openidm.script.javascript.debug}", + "javascript.recompile.minimumInterval": 60000, + }, + "Groovy": { + "#groovy.disabled.global.ast.transformations": "", + "#groovy.errors.tolerance": 10, + "#groovy.output.debug": false, + "#groovy.output.verbose": false, + "#groovy.script.base": "#any class extends groovy.lang.Script", + "#groovy.script.extension": ".groovy", + "#groovy.source.encoding": "utf-8 #default US-ASCII", + "#groovy.target.bytecode": "1.5", + "#groovy.target.indy": true, + "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", + "groovy.classpath": "&{idm.install.dir}/lib", + "groovy.recompile": true, + "groovy.recompile.minimumInterval": 60000, + "groovy.source.encoding": "UTF-8", + "groovy.target.directory": "&{idm.install.dir}/classes", + }, + "_id": "script", + "properties": {}, + "sources": { + "default": { + "directory": "&{idm.install.dir}/bin/defaults/script", + }, + "install": { + "directory": "&{idm.install.dir}", + }, + "project": { + "directory": "&{idm.instance.dir}", + }, + "project-script": { + "directory": "&{idm.instance.dir}/script", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/secrets.idm.json 1`] = ` +{ + "idm": { + "secrets": { + "_id": "secrets", + "populateDefaults": true, + "stores": [ + { + "class": "org.forgerock.openidm.secrets.config.FileBasedStore", + "config": { + "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", + "mappings": [ + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + "openidm-localhost", + ], + "secretId": "idm.default", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.config.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.password.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.https.keystore.cert.alias|openidm-localhost}", + ], + "secretId": "idm.jwt.session.module.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", + ], + "secretId": "idm.jwt.session.module.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "selfservice", + ], + "secretId": "idm.selfservice.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", + ], + "secretId": "idm.selfservice.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.assignment.attribute.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + ], + "providerName": "&{openidm.keystore.provider|SunJCE}", + "storePassword": "&{openidm.keystore.password|changeit}", + "storetype": "&{openidm.keystore.type|JCEKS}", + }, + "name": "mainKeyStore", + }, + { + "class": "org.forgerock.openidm.secrets.config.FileBasedStore", + "config": { + "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", + "mappings": [], + "providerName": "&{openidm.truststore.provider|SUN}", + "storePassword": "&{openidm.truststore.password|changeit}", + "storetype": "&{openidm.truststore.type|JKS}", + }, + "name": "mainTrustStore", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.kba.idm.json 1`] = ` +{ + "idm": { + "selfservice.kba": { + "_id": "selfservice.kba", + "kbaPropertyName": "kbaInfo", + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "questions": { + "1": { + "en": "What's your favorite color?", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.terms.idm.json 1`] = ` +{ + "idm": { + "selfservice.terms": { + "_id": "selfservice.terms", + "active": "0.0", + "uiConfig": { + "buttonText": "Accept", + "displayName": "We've updated our terms", + "purpose": "You must accept the updated terms in order to proceed.", + }, + "versions": [ + { + "createDate": "2019-10-28T04:20:11.320Z", + "termsTranslations": { + "en": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.", + }, + "version": "0.0", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/cors.idm.json 1`] = ` +{ + "idm": { + "servletfilter/cors": { + "_id": "servletfilter/cors", + "initParams": { + "allowCredentials": false, + "allowedHeaders": "authorization,accept,content-type,origin,x-requested-with,cache-control,accept-api-version,if-match,if-none-match", + "allowedMethods": "GET,POST,PUT,DELETE,PATCH", + "allowedOrigins": "*", + "chainPreflight": false, + "exposedHeaders": "WWW-Authenticate", + }, + "urlPatterns": [ + "/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/payload.idm.json 1`] = ` +{ + "idm": { + "servletfilter/payload": { + "_id": "servletfilter/payload", + "initParams": { + "maxRequestSizeInMegabytes": 5, + }, + "urlPatterns": [ + "&{openidm.servlet.alias}/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/upload.idm.json 1`] = ` +{ + "idm": { + "servletfilter/upload": { + "_id": "servletfilter/upload", + "initParams": { + "maxRequestSizeInMegabytes": 50, + }, + "urlPatterns": [ + "&{openidm.servlet.upload.alias}/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/admin.idm.json 1`] = ` +{ + "idm": { + "ui.context/admin": { + "_id": "ui.context/admin", + "defaultDir": "&{idm.install.dir}/ui/admin/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/admin/extension", + "responseHeaders": { + "X-Frame-Options": "SAMEORIGIN", + }, + "urlContextRoot": "/admin", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/api.idm.json 1`] = ` +{ + "idm": { + "ui.context/api": { + "_id": "ui.context/api", + "authEnabled": true, + "cacheEnabled": false, + "defaultDir": "&{idm.install.dir}/ui/api/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/api/extension", + "urlContextRoot": "/api", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/enduser.idm.json 1`] = ` +{ + "idm": { + "ui.context/enduser": { + "_id": "ui.context/enduser", + "defaultDir": "&{idm.install.dir}/ui/enduser", + "enabled": true, + "responseHeaders": { + "X-Frame-Options": "DENY", + }, + "urlContextRoot": "/", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/oauth.idm.json 1`] = ` +{ + "idm": { + "ui.context/oauth": { + "_id": "ui.context/oauth", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/oauth/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/oauth/extension", + "urlContextRoot": "/oauthReturn", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/configuration.idm.json 1`] = ` +{ + "idm": { + "ui/configuration": { + "_id": "ui/configuration", + "configuration": { + "defaultNotificationType": "info", + "forgotUsername": false, + "lang": "en", + "notificationTypes": { + "error": { + "iconPath": "images/notifications/error.png", + "name": "common.notification.types.error", + }, + "info": { + "iconPath": "images/notifications/info.png", + "name": "common.notification.types.info", + }, + "warning": { + "iconPath": "images/notifications/warning.png", + "name": "common.notification.types.warning", + }, + }, + "passwordReset": true, + "passwordResetLink": "", + "platformSettings": { + "adminOauthClient": "idmAdminClient", + "adminOauthClientScopes": "fr:idm:*", + "amUrl": "/am", + "loginUrl": "", + }, + "roles": { + "internal/role/openidm-admin": "ui-admin", + "internal/role/openidm-authorized": "ui-user", + }, + "selfRegistration": true, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/dashboard.idm.json 1`] = ` +{ + "idm": { + "ui/dashboard": { + "_id": "ui/dashboard", + "adminDashboards": [ + { + "isDefault": true, + "name": "Quick Start", + "widgets": [ + { + "cards": [ + { + "href": "#resource/managed/alpha_user/list/", + "icon": "fa-user", + "name": "Manage Users", + }, + { + "href": "#resource/managed/alpha_role/list/", + "icon": "fa-check-square-o", + "name": "Manage Roles", + }, + { + "href": "#connectors/add/", + "icon": "fa-database", + "name": "Add Connector", + }, + { + "href": "#mapping/add/", + "icon": "fa-map-marker", + "name": "Create Mapping", + }, + { + "href": "#managed/add/", + "icon": "fa-tablet", + "name": "Add Device", + }, + { + "href": "#settings/", + "icon": "fa-user", + "name": "Configure System Preferences", + }, + ], + "size": "large", + "type": "quickStart", + }, + ], + }, + { + "isDefault": false, + "name": "System Monitoring", + "widgets": [ + { + "legendRange": { + "month": [ + 500, + 2500, + 5000, + ], + "week": [ + 10, + 30, + 90, + 270, + 810, + ], + "year": [ + 10000, + 40000, + 100000, + 250000, + ], + }, + "maxRange": "#24423c", + "minRange": "#b0d4cd", + "size": "large", + "type": "audit", + }, + { + "size": "large", + "type": "clusterStatus", + }, + { + "size": "large", + "type": "systemHealthFull", + }, + { + "barchart": "false", + "size": "large", + "type": "lastRecon", + }, + ], + }, + { + "isDefault": false, + "name": "Resource Report", + "widgets": [ + { + "selected": "activeUsers", + "size": "x-small", + "type": "counter", + }, + { + "selected": "rolesEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "activeConnectors", + "size": "x-small", + "type": "counter", + }, + { + "size": "large", + "type": "resourceList", + }, + ], + }, + { + "isDefault": false, + "name": "Business Report", + "widgets": [ + { + "graphType": "fa-pie-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "signIns", + "widgetTitle": "Sign-Ins", + }, + { + "graphType": "fa-bar-chart", + "size": "x-small", + "type": "passwordResets", + "widgetTitle": "Password Resets", + }, + { + "graphType": "fa-line-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "newRegistrations", + "widgetTitle": "New Registrations", + }, + { + "size": "x-small", + "timezone": { + "hours": "07", + "minutes": "00", + "negative": true, + }, + "type": "socialLogin", + }, + { + "selected": "socialEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "manualRegistrations", + "size": "x-small", + "type": "counter", + }, + ], + }, + ], + "dashboard": { + "widgets": [ + { + "size": "large", + "type": "Welcome", + }, + ], + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/profile.idm.json 1`] = ` +{ + "idm": { + "ui/profile": { + "_id": "ui/profile", + "tabs": [ + { + "name": "personalInfoTab", + "view": "org/forgerock/openidm/ui/user/profile/personalInfo/PersonalInfoTab", + }, + { + "name": "signInAndSecurity", + "view": "org/forgerock/openidm/ui/user/profile/signInAndSecurity/SignInAndSecurityTab", + }, + { + "name": "preference", + "view": "org/forgerock/openidm/ui/user/profile/PreferencesTab", + }, + { + "name": "trustedDevice", + "view": "org/forgerock/openidm/ui/user/profile/TrustedDevicesTab", + }, + { + "name": "oauthApplication", + "view": "org/forgerock/openidm/ui/user/profile/OauthApplicationsTab", + }, + { + "name": "privacyAndConsent", + "view": "org/forgerock/openidm/ui/user/profile/PrivacyAndConsentTab", + }, + { + "name": "sharing", + "view": "org/forgerock/openidm/ui/user/profile/uma/SharingTab", + }, + { + "name": "auditHistory", + "view": "org/forgerock/openidm/ui/user/profile/uma/ActivityTab", + }, + { + "name": "accountControls", + "view": "org/forgerock/openidm/ui/user/profile/accountControls/AccountControlsTab", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/themeconfig.idm.json 1`] = ` +{ + "idm": { + "ui/themeconfig": { + "_id": "ui/themeconfig", + "icon": "favicon.ico", + "path": "", + "settings": { + "footer": { + "mailto": "info@forgerock.com", + }, + "loginLogo": { + "alt": "ForgeRock", + "height": "104px", + "src": "images/login-logo-dark.png", + "title": "ForgeRock", + "width": "210px", + }, + "logo": { + "alt": "ForgeRock", + "src": "images/logo-horizontal-white.png", + "title": "ForgeRock", + }, + }, + "stylesheets": [ + "css/bootstrap-3.4.1-custom.css", + "css/structure.css", + "css/theme.css", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/uilocale/fr.idm.json 1`] = ` +{ + "idm": { + "uilocale/fr": { + "_id": "uilocale/fr", + "admin": { + "overrides": { + "AppLogoURI": "URI du logo de l’application", + "EmailAddress": "Adresse e-mail", + "Name": "Nom", + "Owners": "Les propriétaires", + }, + "sideMenu": { + "securityQuestions": "Questions de sécurité", + }, + }, + "enduser": { + "overrides": { + "FirstName": "Prénom", + "LastName": "Nom de famille", + }, + "pages": { + "dashboard": { + "widgets": { + "welcome": { + "greeting": "Bonjour", + }, + }, + }, + }, + }, + "login": { + "login": { + "next": "Suivant", + }, + "overrides": { + "Password": "Mot de passe", + "UserName": "Nom d'utilisateur", + }, + }, + "shared": { + "sideMenu": { + "dashboard": "Tableau de bord", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/undefined.idm.json 1`] = ` +{ + "idm": { + "undefined": { + "_id": "undefined", + "mapping": { + "mapping/managedBravo_user_managedBravo_user0": { + "_id": "mapping/managedBravo_user_managedBravo_user0", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user0", + "icon": null, + "name": "managedBravo_user_managedBravo_user0", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_user", + "target": "managed/bravo_user", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-admin.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-admin": { + "_id": "openidm-admin", + "condition": null, + "description": "Administrative access", + "name": "openidm-admin", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-authorized.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-authorized": { + "_id": "openidm-authorized", + "condition": null, + "description": "Basic minimum user", + "name": "openidm-authorized", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-cert.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-cert": { + "_id": "openidm-cert", + "condition": null, + "description": "Authenticated via certificate", + "name": "openidm-cert", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-reg.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-reg": { + "_id": "openidm-reg", + "condition": null, + "description": "Anonymous access", + "name": "openidm-reg", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-tasks-manager.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-tasks-manager": { + "_id": "openidm-tasks-manager", + "condition": null, + "description": "Allowed to reassign workflow tasks", + "name": "openidm-tasks-manager", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/platform-provisioning.internalRole.json 1`] = ` +{ + "internalRole": { + "platform-provisioning": { + "_id": "platform-provisioning", + "condition": null, + "description": "Platform provisioning access", + "name": "platform-provisioning", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/test-internal-role.internalRole.json 1`] = ` +{ + "internalRole": { + "ccb11ba1-333b-4197-95db-89bb08a2ab56": { + "_id": "ccb11ba1-333b-4197-95db-89bb08a2ab56", + "condition": "/description co "somerandomstring"", + "description": "A test internal role", + "name": "test-internal-role", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "cn", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "profileImage", + "readOnly": true, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": true, + }, + { + "attribute": "telephoneNumber", + "readOnly": true, + }, + { + "attribute": "postalAddress", + "readOnly": true, + }, + { + "attribute": "city", + "readOnly": true, + }, + { + "attribute": "postalCode", + "readOnly": true, + }, + { + "attribute": "country", + "readOnly": true, + }, + { + "attribute": "stateProvince", + "readOnly": true, + }, + { + "attribute": "roles", + "readOnly": true, + }, + { + "attribute": "assignments", + "readOnly": true, + }, + { + "attribute": "groups", + "readOnly": true, + }, + { + "attribute": "applications", + "readOnly": true, + }, + { + "attribute": "manager", + "readOnly": true, + }, + { + "attribute": "authzRoles", + "readOnly": true, + }, + { + "attribute": "reports", + "readOnly": true, + }, + { + "attribute": "effectiveRoles", + "readOnly": true, + }, + { + "attribute": "effectiveAssignments", + "readOnly": true, + }, + { + "attribute": "effectiveGroups", + "readOnly": true, + }, + { + "attribute": "effectiveApplications", + "readOnly": true, + }, + { + "attribute": "lastSync", + "readOnly": true, + }, + { + "attribute": "kbaInfo", + "readOnly": true, + }, + { + "attribute": "preferences", + "readOnly": true, + }, + { + "attribute": "consentedMappings", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + { + "attribute": "ownerOfApp", + "readOnly": true, + }, + { + "attribute": "frIndexedString1", + "readOnly": true, + }, + { + "attribute": "frIndexedString2", + "readOnly": true, + }, + { + "attribute": "frIndexedString3", + "readOnly": true, + }, + { + "attribute": "frIndexedString4", + "readOnly": true, + }, + { + "attribute": "frIndexedString5", + "readOnly": true, + }, + { + "attribute": "frUnindexedString1", + "readOnly": true, + }, + { + "attribute": "frUnindexedString2", + "readOnly": true, + }, + { + "attribute": "frUnindexedString3", + "readOnly": true, + }, + { + "attribute": "frUnindexedString4", + "readOnly": true, + }, + { + "attribute": "frUnindexedString5", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued1", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued2", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued3", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued4", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued5", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued1", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued2", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued3", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued4", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued5", + "readOnly": true, + }, + { + "attribute": "frIndexedDate1", + "readOnly": true, + }, + { + "attribute": "frIndexedDate2", + "readOnly": true, + }, + { + "attribute": "frIndexedDate3", + "readOnly": true, + }, + { + "attribute": "frIndexedDate4", + "readOnly": true, + }, + { + "attribute": "frIndexedDate5", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate1", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate2", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate3", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate4", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate5", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger1", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger2", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger3", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger4", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger5", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger1", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger2", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger3", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger4", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger5", + "readOnly": true, + }, + { + "attribute": "assignedDashboard", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/userName co "test"", + "name": "Alpha realm - Users", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "UPDATE", + "CREATE", + ], + }, + ], + "temporalConstraints": [ + { + "duration": "2024-11-04T12:45:00.000Z/2100-12-01T12:45:00.000Z", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_assignment_managedBravo_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedAlpha_assignment_managedBravo_assignment": { + "_id": "mapping/managedAlpha_assignment_managedBravo_assignment", + "consentRequired": false, + "displayName": "managedAlpha_assignment_managedBravo_assignment", + "icon": null, + "name": "managedAlpha_assignment_managedBravo_assignment", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/alpha_assignment", + "target": "managed/bravo_assignment", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_user_systemAzureUser.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedAlpha_user_systemAzureUser": { + "_id": "mapping/managedAlpha_user_systemAzureUser", + "consentRequired": false, + "defaultSourceFields": [ + "*", + "assignments", + ], + "defaultTargetFields": [ + "*", + "memberOf", + "__roles__", + "__servicePlanIds__", + ], + "displayName": "managedAlpha_user_systemAzureUser", + "icon": null, + "name": "managedAlpha_user_systemAzureUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "SOURCE_TARGET_CONFLICT", + }, + { + "action": "INCORPORATE_CHANGES", + "situation": "TARGET_CHANGED", + }, + ], + "properties": [ + { + "source": "mail", + "target": "mail", + }, + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "sn", + "target": "surname", + }, + { + "source": "", + "target": "displayName", + "transform": { + "source": "source.givenName+" "+source.sn", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "mailNickname", + "transform": { + "source": "source.givenName[0].toLowerCase()+source.sn.toLowerCase()", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "accountEnabled", + "transform": { + "source": "true", + "type": "text/javascript", + }, + }, + { + "condition": { + "globals": {}, + "source": "(typeof oldTarget === 'undefined' || oldTarget === null)", + "type": "text/javascript", + }, + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": ""!@#$%"[Math.floor(Math.random()*5)] + Math.random().toString(36).slice(2, 13).toUpperCase()+Math.random().toString(36).slice(2,13)", + "type": "text/javascript", + }, + }, + ], + "queuedSync": { + "enabled": true, + "maxRetries": 0, + "pollingInterval": 10000, + }, + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or lastSync/managedAlpha_user_systemAzureUser pr or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", + }, + "target": "system/Azure/User", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_group_managedBravo_group.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedBravo_group_managedBravo_group": { + "_id": "mapping/managedBravo_group_managedBravo_group", + "consentRequired": false, + "displayName": "managedBravo_group_managedBravo_group", + "icon": null, + "name": "managedBravo_group_managedBravo_group", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_group", + "target": "managed/bravo_group", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_user_managedBravo_user0.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedBravo_user_managedBravo_user0": { + "_id": "mapping/managedBravo_user_managedBravo_user0", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user0", + "icon": null, + "name": "managedBravo_user_managedBravo_user0", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_user", + "target": "managed/bravo_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/mapping12.mapping.json 1`] = ` +{ + "mapping": { + "mapping/mapping12": { + "_id": "mapping/mapping12", + "consentRequired": false, + "displayName": "mapping12", + "linkQualifiers": [], + "name": "mapping12", + "policies": [], + "properties": [], + "source": "managed/bravo_user", + "syncAfter": [], + "target": "managed/bravo_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzure__group___managedAlpha_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzure__group___managedAlpha_assignment": { + "_id": "mapping/systemAzure__group___managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzure__group___managedAlpha_assignment", + "icon": null, + "name": "systemAzure__group___managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type", + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", + "type": "text/javascript", + }, + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping", + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[ + { + 'name': 'memberOf', + 'value': [source] + } +]", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure___GROUP___", + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript", + }, + }, + ], + "source": "system/Azure/__GROUP__", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "memberOf"]", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureDirectoryrole_managedAlpha_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzureDirectoryrole_managedAlpha_assignment": { + "_id": "mapping/systemAzureDirectoryrole_managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzureDirectoryrole_managedAlpha_assignment", + "icon": null, + "name": "systemAzureDirectoryrole_managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type", + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", + "type": "text/javascript", + }, + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping", + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[ + { + 'name': '__roles__', + 'value': [source] + } +]", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure_directoryRole_", + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript", + }, + }, + ], + "source": "system/Azure/directoryRole", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__roles__"]", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureServiceplan_managedAlpha_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzureServiceplan_managedAlpha_assignment": { + "_id": "mapping/systemAzureServiceplan_managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzureServiceplan_managedAlpha_assignment", + "icon": null, + "name": "systemAzureServiceplan_managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type", + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", + "type": "text/javascript", + }, + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping", + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[ + { + 'name': '__servicePlanIds__', + 'value': [source] + } +]", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure_servicePlan_", + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript", + }, + }, + ], + "source": "system/Azure/servicePlan", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__servicePlanIds__"]", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureUser_managedAlpha_user.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzureUser_managedAlpha_user": { + "_id": "mapping/systemAzureUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq "' + source.mail + '"'}; qry", + "type": "text/javascript", + }, + ], + "defaultSourceFields": [ + "*", + "memberOf", + "__roles__", + "__servicePlanIds__", + ], + "defaultTargetFields": [ + "*", + "assignments", + ], + "displayName": "systemAzureUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemAzureUser", + "name": "systemAzureUser_managedAlpha_user", + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ONBOARD", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "SOURCE_TARGET_CONFLICT", + }, + ], + "properties": [ + { + "referencedObjectType": "__GROUP__", + "source": "memberOf", + "target": "assignments", + }, + { + "referencedObjectType": "directoryRole", + "source": "__roles__", + "target": "assignments", + }, + { + "referencedObjectType": "servicePlan", + "source": "__servicePlanIds__", + "target": "assignments", + }, + ], + "reconSourceQueryPageSize": 999, + "reconSourceQueryPaging": true, + "runTargetPhase": false, + "source": "system/Azure/User", + "sourceQueryFullEntry": true, + "target": "managed/alpha_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-admin-token.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-admin-token": { + "_id": "esv-admin-token", + "activeVersion": "1", + "description": "Long-lived admin token", + "encoding": "generic", + "lastChangeDate": "2024-03-20T14:46:13.461793Z", + "lastChangedBy": "ba58ff99-76d3-4c69-9c4a-7f150ac70e2c", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-brando-pingone.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-brando-pingone": { + "_id": "esv-brando-pingone", + "activeVersion": "4", + "description": "This is to show the connection between PingOne and AIC. ", + "encoding": "generic", + "lastChangeDate": "2024-06-24T00:44:06.154598Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "4", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test1.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-secret-import-test1": { + "_id": "esv-secret-import-test1", + "activeVersion": "1", + "description": "Secret Import Test 1", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:13.904591Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test2.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-secret-import-test2": { + "_id": "esv-secret-import-test2", + "activeVersion": "1", + "description": "Secret Import Test 2", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:41.914076Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret": { + "_id": "esv-test-secret", + "activeVersion": "1", + "description": "This is a test secret containing a simple string value.", + "encoding": "generic", + "lastChangeDate": "2024-07-05T17:53:53.682578Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-cert-pem": { + "_id": "esv-test-secret-cert-pem", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file.", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:48:49.005574Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem-raw.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-cert-pem-raw": { + "_id": "esv-test-secret-cert-pem-raw", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file (raw).", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:49:20.270526Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-euler.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-euler": { + "_id": "esv-test-secret-euler", + "activeVersion": "1", + "description": "A test secret containing the value of Euler's number", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:27:34.607038Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-file-base64hmac": { + "_id": "esv-test-secret-file-base64hmac", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file.", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:46:37.42544Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac-raw.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-file-base64hmac-raw": { + "_id": "esv-test-secret-file-base64hmac-raw", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file (raw).", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:47:03.695151Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-pi": { + "_id": "esv-test-secret-pi", + "activeVersion": "1", + "description": "Secret that contains the value of pi", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:22:28.519043Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi-generic.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-pi-generic": { + "_id": "esv-test-secret-pi-generic", + "activeVersion": "3", + "description": "", + "encoding": "generic", + "lastChangeDate": "2024-07-15T03:20:09.136266Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "3", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-volkers-test-secret.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-volkers-test-secret": { + "_id": "esv-volkers-test-secret", + "activeVersion": "10", + "description": "Volker's test secret", + "encoding": "generic", + "lastChangeDate": "2024-06-26T01:37:06.116117Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "10", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/CorsService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "CorsService": { + "_id": "", + "_type": { + "_id": "CorsService", + "collection": false, + "name": "CORS Service", + }, + "enabled": true, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/dashboard.service.json 1`] = ` +{ + "meta": Any, + "service": { + "dashboard": { + "_id": "", + "_type": { + "_id": "dashboard", + "collection": false, + "name": "Dashboard", + }, + "defaults": { + "assignedDashboard": [], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Google", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "Google", + "icfIdentifier": "idm magic 34", + "icon": "images/logos/googleplus.png", + "login": "http://www.google.com", + "name": "Google", + }, + { + "_id": "SalesForce", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "SalesForce", + "icfIdentifier": "idm magic 12", + "icon": "images/logos/salesforce.png", + "login": "http://www.salesforce.com", + "name": "SalesForce", + }, + { + "_id": "ZenDesk", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "ZenDesk", + "icfIdentifier": "idm magic 56", + "icon": "images/logos/zendesk.png", + "login": "http://www.ZenDesk.com", + "name": "ZenDesk", + }, + { + "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "BookmarkApplicationClass", + "displayName": "Google", + "icon": "app-bookmark.svg", + "login": "https://www.google.com/", + "name": "Google", + }, + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/AlphaUser2GoogleApps.sync.json 1`] = ` +{ + "_id": "sync/AlphaUser2GoogleApps", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "__NAME__", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "AlphaUser2GoogleApps", + "type": "text/javascript", + }, + ], + "displayName": "AlphaUser2GoogleApps", + "enableSync": { + "$bool": "&{esv.gac.enable.mapping}", + }, + "icon": null, + "name": "AlphaUser2GoogleApps", + "onCreate": { + "globals": {}, + "source": "target.orgUnitPath = "/NewAccounts";", + "type": "text/javascript", + }, + "onUpdate": { + "globals": {}, + "source": "//testing1234 +target.givenName = oldTarget.givenName; +target.familyName = oldTarget.familyName; +target.__NAME__ = oldTarget.__NAME__;", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "UNLINK", + "situation": "SOURCE_MISSING", + }, + { + "action": { + "globals": {}, + "source": "// Timing Constants +var ATTEMPT = 6; // Number of attempts to find the Google user. +var SLEEP_TIME = 500; // Milliseconds between retries. +var SYSTEM_ENDPOINT = "system/GoogleApps/__ACCOUNT__"; +var MAPPING_NAME = "AlphaUser2GoogleApps"; +var GOOGLE_DOMAIN = identityServer.getProperty("esv.gac.domain"); +var googleEmail = source.userName + "@" + GOOGLE_DOMAIN; +var frUserGUID = source._id; +var resultingAction = "ASYNC"; + +// Get the Google GUID +var linkQueryParams = {'_queryFilter': 'firstId eq "' + frUserGUID + '" and linkType eq "' + MAPPING_NAME + '"'}; +var linkResults = openidm.query("repo/link/", linkQueryParams, null); +var googleGUID; + +if (linkResults.resultCount === 1) { + googleGUID = linkResults.result[0].secondId; +} + +var queryResults; // Resulting query from looking for the Google user. +var params = {'_queryFilter': '__UID__ eq "' + googleGUID + '"'}; + +for (var i = 1; i <= ATTEMPT; i++) { + queryResults = openidm.query(SYSTEM_ENDPOINT, params); + if (queryResults.result && queryResults.result.length > 0) { + logger.info("idmlog: ---AlphaUser2GoogleApps - Missing->UPDATE - Result found in " + i + " attempts. Query result: " + JSON.stringify(queryResults)); + resultingAction = "UPDATE"; + break; + } + java.lang.Thread.sleep(SLEEP_TIME); // Wait before trying again. +} + +if (!queryResults.result || queryResults.resultCount === 0) { + logger.warn("idmlog: ---AlphaUser2GoogleApps - Missing->UNLINK - " + googleEmail + " not found after " + ATTEMPT + " attempts."); + resultingAction = "UNLINK"; +} +resultingAction; +", + "type": "text/javascript", + }, + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "IGNORE", + "situation": "UNQUALIFIED", + }, + { + "action": "IGNORE", + "situation": "UNASSIGNED", + }, + { + "action": "UNLINK", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "condition": { + "globals": {}, + "source": "object.custom_password_encrypted != null", + "type": "text/javascript", + }, + "source": "custom_password_encrypted", + "target": "__PASSWORD__", + "transform": { + "globals": {}, + "source": "openidm.decrypt(source);", + "type": "text/javascript", + }, + }, + { + "source": "cn", + "target": "__NAME__", + "transform": { + "globals": {}, + "source": "source + "@" + identityServer.getProperty("esv.gac.domain");", + "type": "text/javascript", + }, + }, + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "", + "target": "familyName", + "transform": { + "globals": {}, + "source": "if (source.frIndexedInteger1 > 2 && source.frIndexedInteger1 < 6) { + source.sn + " (Student)" +} else { + source.sn +}", + "type": "text/javascript", + }, + }, + ], + "queuedSync": { + "enabled": true, + "maxQueueSize": 20000, + "maxRetries": 5, + "pageSize": 100, + "pollingInterval": 1000, + "postRetryAction": "logged-ignore", + "retryDelay": 1000, + }, + "source": "managed/alpha_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + "managedAlpha_user_managedBravo_user", + "managedBravo_user_managedAlpha_user", + ], + "target": "system/GoogleApps/__ACCOUNT__", + "validSource": { + "globals": {}, + "source": "var isGoogleEligible = true; +//var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + " cn: " + source.cn + ") -"; +var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + ") -"; + +//Get Applicable userTypes (no Parent accounts) +if (source.frIndexedInteger1 !== 0 && source.frIndexedInteger1 !== 1 && source.frIndexedInteger1 !== 3 && source.frIndexedInteger1 !== 4 && source.frIndexedInteger1 !== 5) { + isGoogleEligible = false; + logMsg = logMsg + " Account type not eligible."; +} + +//Make sure the account has a valid encrypted password. +if (source.custom_password_encrypted == undefined || source.custom_password_encrypted == null) { + isGoogleEligible = false; + logMsg = logMsg + " No encrypted password yet."; +} + +//Check that CN exists and has no space. +if (source.cn && source.cn.includes(' ')) { + isGoogleEligible = false; + logMsg = logMsg + " CN with a space is not allowed."; +} + +if (!isGoogleEligible) { + logMsg = logMsg + " Not sent to Google." + logger.info(logMsg); +} + +if (isGoogleEligible) { + logMsg = logMsg + " Sent to Google." + logger.info(logMsg); +} + +isGoogleEligible; +", + "type": "text/javascript", + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedAlpha_user_managedBravo_user.sync.json 1`] = ` +{ + "_id": "sync/managedAlpha_user_managedBravo_user", + "consentRequired": true, + "displayName": "Test Mapping for Frodo", + "icon": null, + "name": "managedAlpha_user_managedBravo_user", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [ + { + "condition": { + "globals": {}, + "source": "console.log("Hello World!");", + "type": "text/javascript", + }, + "default": [ + "Default value string", + ], + "source": "accountStatus", + "target": "applications", + "transform": { + "globals": {}, + "source": "console.log("hello");", + "type": "text/javascript", + }, + }, + ], + "source": "managed/alpha_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + ], + "target": "managed/bravo_user", +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedBravo_user_managedAlpha_user.sync.json 1`] = ` +{ + "_id": "sync/managedBravo_user_managedAlpha_user", + "consentRequired": false, + "displayName": "Frodo test mapping", + "icon": null, "name": "managedBravo_user_managedAlpha_user", "policies": [ { @@ -364438,81 +371188,723 @@ exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --inclu org.forgerock.http.protocol.Response ); - // Always includes this field in the token. - accessToken.setField('key1', 'value1'); + // Always includes this field in the token. + accessToken.setField('key1', 'value1'); + + // Receives and adds to the access token additional values by performing a REST call to an external service. + // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example. + var uri = 'https://jsonplaceholder.typicode.com/posts'; + + try { + var request = new frJava.Request(); + + // You can chain methods that return the request object. + request.setUri(uri) + .setMethod('POST') + .setEntity(JSON.stringify({ + updatedFields: { + key2: 'value2', + key3: 'value3' + } + })); + + // You can call a method when chaining is not possible. + request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8'); + + // Sends the request and receives the response. + var response = httpClient.send(request).getOrThrow(); + + // Checks if the response status is as expected. + if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) { + var result = JSON.parse(response.getEntity().getString()); + + // Set multiple token fields at once. + accessToken.setFields(result.updatedFields); + } else { + logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. Content: ' + response.getEntity().getString()); + } + } catch (e) { + logger.error('The request processing was interrupted. ' + e); + + // The access token request fails with the HTTP 500 error in this case. + throw ('Unable to obtain response from: ' + uri); + } + + // Adds new fields containing identity attribute values to the access token. + accessToken.setField('mail', identity.getAttribute('mail')); + accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]); + + // Adds new fields containing the session property values. + // NOTE: session may not be available for non-interactive authorization grants. + if (session) { + try { + accessToken.setField('ipAddress', session.getProperty('Host')); + } catch (e) { + logger.error('Unable to retrieve session property value. ' + e); + } + } + + // Removes a native field from the token entry, that was set by AM. + // WARNING: removing native fields from the token may result in loss of functionality. + // accessToken.removeTokenName() + + // No return value is expected. Let it be undefined. +}()); +*/ +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-OIDC-Claims-Script.script.json 1`] = ` +{ + "meta": Any, + "script": { + "3e31996b-4522-44a2-b360-0851cece3854": { + "_id": "3e31996b-4522-44a2-b360-0851cece3854", + "context": "OIDC_CLAIMS", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Default bravo realm script for OIDC claims", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Bravo OIDC Claims Script", + "script": "/* + * Copyright 2014-2021 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. + * The claim values are computed for: + * the claims derived from the requested scopes, + * the claims provided by the authorization server, + * and the claims requested by the client via the claims parameter. + * + * In the CONFIGURATION AND CUSTOMIZATION section, you can + * define the scope-to-claims mapping, and + * assign to each claim a resolver function that will compute the claim value. + * + * Defined variables (class references are provided below): + * scopes - Set (6). + * Always present, the requested scopes. + * claims - Map (5). + * Always present, default server provided claims. + * claimObjects - List (7, 2). + * Always present, the default server provided claims. + * requestedClaims - Map> (5). + * Always present, not empty if the request contains the claims parameter and the server has enabled + * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; + * requested claims with no requested values will have a key but no value in the map. A key with + * a single value in its Set (6) indicates that this is the only value that should be returned. + * requestedTypedClaims - List (7, 2). + * Always present, the requested claims. + * Requested claims with no requested values will have a claim with no values. + * A claim with a single value indicates this is the only value that should be returned. + * claimsLocales - List (7). + * The values from the 'claims_locales' parameter. + * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. + * requestProperties - Unmodifiable Map (5). + * Always present, contains a map of request properties: + * requestUri - The request URI. + * realm - The realm that the request relates to. + * requestParams - A map of the request params and/or posted data. + * Each value is a list of one or more properties. + * Please note that these should be handled in accordance with OWASP best practices: + * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. + * clientProperties - Unmodifiable Map (5). + * Present if the client specified in the request was identified, contains a map of client properties: + * clientId - The client's URI for the request locale. + * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. + * allowedResponseTypes - List of the allowed response types for the client. + * allowedScopes - List of the allowed scopes for the client. + * customProperties - A map of the custom properties of the client. + * Lists or maps will be included as sub-maps; for example: + * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. + * To add custom properties to a client, update the Custom Properties field + * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. + * identity - AMIdentity (3). + * Always present, the identity of the resource owner. + * session - SSOToken (4). + * Present if the request contains the session cookie, the user's session object. + * scriptName - String (primitive). + * Always present, the display name of the script. + * logger - Always present, the "OAuth2Provider" debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. + * httpClient - HTTP Client (8). + * Always present, the HTTP Client instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. + * In order to use the client, you may need to add + * org.forgerock.http.Client, + * org.forgerock.http.protocol.*, + * and org.forgerock.util.promise.PromiseImpl + * to the allowed Java classes in the scripting engine configuration, as described in: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html + * + * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. + * The result of the last statement in the script is returned to the server. + * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) + * is the last (and only) statement in this script, and its return value will become the script result. + * Do not use "return variable" statement outside of a function definition. + * See RESULTS section for additional details. + * + * Class reference: + * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. + * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). + * An instance of org.forgerock.openidconnect.Claim has methods to access + * the claim name, requested values, locale, and whether the claim is essential. + * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. + * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. + * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, + * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. + * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. + * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. + * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. +*/ + +(function () { + // SETUP + + /** + * Claim processing utilities. + * An object that contains reusable functions for processing claims. + * @see CLAIM PROCESSING UTILITIES section for details. + */ + var utils = getUtils(); + + // CONFIGURATION AND CUSTOMIZATION + + /** + * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. + * + * Call this configuration method, and pass in as the first argument + * an object that maps a scope value to an array of claim names + * to specify which claims need to be processed and returned for the requested scopes. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} + * for the scope values that could be used to request claims as defined in the OIDC specification. + * + * Below, find a default configuration that is expected to work in the current environment. + * + * CUSTOMIZATION + * You can choose the claim names returned for a scope. + */ + utils.setScopeClaimsMap({ + profile: [ + 'name', + 'family_name', + 'given_name', + 'zoneinfo', + 'locale' + ], + email: ['email'], + address: ['address'], + phone: ['phone_number'] + }); + + /** + * In this script, each claim + * derived from the requested scopes, + * provided by the authorization server, and + * requested by the client via the claims parameter + * will be processed by a function associated with the claim name. + * + * Call this configuration method, and pass in as the first argument + * an object that maps a claim name to a resolver function, + * which will be automatically executed for each claim processed by the script. + * + * The claim resolver function will receive the requested claim information + * in an instance of org.forgerock.openidconnect.Claim as the first argument. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} + * for details on the Claim class. + * + * If the claim resolver function returns a value, + * other than undefined or null, + * the claim will be included in the script's results. + * + * The Claim instance provides methods to check + * what the name of the claim is, + * which values the claim request contains, + * whether the claim is essential, and + * which locale the claim is associated with. + * The resolver function can consider this information when computing and returning the claim value. + * + * Below, find a default configuration that is expected to work in the current environment. + * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), + * is called to return a claim resolver function based on a user profile attribute. + * @see CLAIM RESOLVERS section for the implementation details and examples. + * For the address claim, an example of a claim resolver that uses another claim resolver is provided. + * + * CUSTOMIZATION + * You can reuse the predefined utils methods with your custom arguments. + * You can also specify a custom resolver function for a claim name, + * that will compute and return the claim value—as shown in the commented out example below. + */ + utils.setClaimResolvers({ + /* + // An example of a simple claim resolver function that is defined for a claim + // directly in the configuration object: + custom-claim-name: function (requestedClaim) { + // In this case, initially, the claim value comes straight from a user profile attribute value: + var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] + + // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. + // You can use: + // requestedClaim.getName() + // requestedClaim.getValues() + // requestedClaim.getLocale() + // requestedClaim.isEssential() + + return claimValue + }, + */ + /** + * The use of utils.getUserProfileClaimResolver shows how + * an argument passed to a function that returns a claim resolver + * becomes available to the resolver function (via its lexical context). + */ + name: utils.getUserProfileClaimResolver('cn'), + family_name: utils.getUserProfileClaimResolver('sn'), + given_name: utils.getUserProfileClaimResolver('givenname'), + zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), + locale: utils.getUserProfileClaimResolver('preferredlocale'), + email: utils.getUserProfileClaimResolver('mail'), + address: utils.getAddressClaimResolver( + /** + * The passed in user profile claim resolver function + * can be used by the address claim resolver function + * to obtain the claim value to be formatted as per the OIDC specification: + * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. + */ + utils.getUserProfileClaimResolver('postaladdress') + ), + phone_number: utils.getUserProfileClaimResolver('telephonenumber') + }); + + // CLAIM PROCESSING UTILITIES + + /** + * @returns {object} An object that contains reusable claim processing utilities. + * @see PUBLIC METHODS section and the return statement for the list of exported functions. + */ + function getUtils () { + // IMPORT JAVA + + /** + * Provides Java scripting functionality. + * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. + */ + var frJava = JavaImporter( + org.forgerock.oauth2.core.exceptions.InvalidRequestException, + org.forgerock.oauth2.core.UserInfoClaims, + org.forgerock.openidconnect.Claim, + + java.util.LinkedHashMap, + java.util.ArrayList + ); + + // SET UP CONFIGURATION + + /** + * Placeholder for a configuration option that contains + * an object that maps the supported scope values (scopes) + * and the corresponding claim names for each scope value. + */ + var scopeClaimsMap; + + /** + * Placeholder for a configuration option that contains + * an object that maps the supported claim names + * and the resolver functions returning the claim value. + */ + var claimResolvers; + + /** + * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, + * and assigns it to a (private) variable that serves as a configuration option. + * @param {object} params - An object that maps each supported scope value to an array of claim names, + * in order to specify which claims need to be processed for the requested scopes. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. + * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. + * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. + * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. + * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. + * @returns {undefined} + */ + function setScopeClaimsMap(params) { + scopeClaimsMap = params; + } + + /** + * A (public) method that accepts an object that maps the supported claim names + * and the resolver functions returning the claim value, + * and assigns it to a (private) variable that serves as a configuration option. + * @param {object} params - An object that maps + * each supported claim name to a function that computes and returns the claim value. + */ + function setClaimResolvers(params) { + claimResolvers = params; + } + + // CLAIM RESOLVERS + + /** + * Claim resolvers are functions that return a claim value. + * @param {*} + * @returns {*} + */ + + /** + * Defines a claim resolver based on a user profile attribute. + * @param {string} attributeName - Name of the user profile attribute. + * @returns {function} A function that will determine the claim value + * based on the user profile attribute and the (requested) claim properties. + */ + function getUserProfileClaimResolver (attributeName) { + /** + * Resolves a claim with a user profile attribute value. + * Returns undefined if the identity attribute is not populated, + * OR if the claim has requested values that do not contain the identity attribute value. + * ATTENTION: the aforementioned comparison is case-sensitive. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {string|HashSet|undefined} + */ + function resolveClaim(claim) { + var userProfileValue; + + if (identity) { + userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); + + if (userProfileValue && !userProfileValue.isEmpty()) { + if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { + return userProfileValue; + } + } + } + } + + return resolveClaim; + } + + /** + * Returns an address claim resolver based on a claim value obtained with another claim resolver. + * @param {function} resolveClaim - A function that returns a claim value. + * @returns {function} A function that will accept a claim as an argument, + * run the claim resolver function for the claim and obtain the claim value, + * and apply additional formatting to the value before returning it. + */ + function getAddressClaimResolver (resolveClaim) { + /** + * Creates an address claim object from a value returned by a claim resolver, + * and returns the address claim object as the claim value. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. + * The claim value is obtained with a claim resolving function available from the closure. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. + */ + function resolveAddressClaim(claim) { + var claimValue = resolveClaim(claim); + var addressObject; + + if (isClaimValueValid(claimValue)) { + addressObject = new frJava.LinkedHashMap(); + + addressObject.put('formatted', claimValue); + + return addressObject; + } + } + + return resolveAddressClaim; + } + + /** + * Returns an essential claim resolver based on a claim value obtained with another claim resolver. + * @param {function} resolveClaim - A function that returns a claim value. + * @returns {function} A function that will accept a claim as an argument, + * run the claim resolver function for the claim and obtain the claim value, + * and apply additional logic for essential claims. + */ + function getEssentialClaimResolver (resolveClaim) { + /** + * Returns a claim value or throws an error. + * The claim value is obtained with a claim resolving function available from the closure. + * Throws an exception if the claim is essential and no value is returned for the claim. + * + * Use of this resolver is optional. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: + * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, + * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, + * unless otherwise specified in the description of the specific claim." + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} + * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} + */ + function resolveEssentialClaim(claim) { + var claimValue = resolveClaim(claim); + + if (claim.isEssential() && !isClaimValueValid(claimValue)) { + throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); + } + + return claimValue; + } + + return resolveEssentialClaim; + } + + /** + * Provides default resolution for a claim. + * Use it if a claim-specific resolver is not defined in the configuration. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} A single value associated with this claim. + */ + function resolveAnyClaim (claim) { + if (claim.getValues().size() === 1) { + return claim.getValues().toArray()[0]; + } + } + + // UTILITIES + + /** + * Returns claim value from a set. + * If the set contains a single value, returns the value. + * If the set contains multiple values, returns the set. + * Otherwise, returns undefined. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @param {java.util.HashSet} set The set—for example, a user profile attribute value. + * @returns {string|java.util.HashSet|undefined} + */ + function getClaimValueFromSet (claim, set) { + if (set && set.size()) { + if (set.size() === 1) { + return set.toArray()[0]; + } else { + return set; + } + } else if (logger.warningEnabled()) { + logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); + } + } + + function isClaimValueValid (claimValue) { + if (typeof claimValue === 'undefined' || claimValue === null) { + return false; + } + + return true; + } + + // CLAIM PROCESSING + + /** + * Constructs and returns an object populated with the computed claim values + * and the requested scopes mapped to the claim names. + * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * @see RESULTS section for the use of this function. + */ + function getUserInfoClaims () { + return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); + } + + /** + * Creates a map of (requested) claim names populated with the computed claim values. + * @returns {java.util.LinkedHashMap} + * A map of the requested claim names and the corresponding claim values. + */ + function getComputedClaims () { + /** + * Creates a complete list of claim objects from: + * the claims derived from the scopes, + * the claims provided by the authorization server, + * and the claims requested by the client. + * @returns {java.util.ArrayList} + * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function getClaims() { + /** + * Returns a list of claim objects for the requested scopes. + * Uses the scopeClaimsMap configuration option to derive the claim names; + * no other properties of a claim derived from a scope are populated. + * @returns {java.util.ArrayList} + * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function convertScopeToClaims() { + var claims = new frJava.ArrayList(); + + scopes.toArray().forEach(function (scope) { + if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + claims.add(new frJava.Claim(claimName)); + }); + } + }); + + return claims; + } + + var claims = new frJava.ArrayList(); + + claims.addAll(convertScopeToClaims()); + claims.addAll(claimObjects); + claims.addAll(requestedTypedClaims); + + return claims; + } + + /** + * Computes and returns a claim value. + * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. + * @see claimResolvers + * If no resolver function is found, uses the default claim resolver function. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} Claim value. + * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} + * Rethrows this exception if a claim resolver throws it. + * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver + * if you want to terminate the claim processing. + */ + function computeClaim(claim) { + var resolveClaim; + var message; + + try { + resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; - // Receives and adds to the access token additional values by performing a REST call to an external service. - // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example. - var uri = 'https://jsonplaceholder.typicode.com/posts'; + return resolveClaim(claim); + } catch (e) { + message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; - try { - var request = new frJava.Request(); + if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { + throw e; + } - // You can chain methods that return the request object. - request.setUri(uri) - .setMethod('POST') - .setEntity(JSON.stringify({ - updatedFields: { - key2: 'value2', - key3: 'value3' + if (logger.warningEnabled()) { + logger.warning(message); + } } - })); + } - // You can call a method when chaining is not possible. - request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8'); + var computedClaims = new frJava.LinkedHashMap(); - // Sends the request and receives the response. - var response = httpClient.send(request).getOrThrow(); + getClaims().toArray().forEach(function (claim) { + var claimValue = computeClaim(claim); - // Checks if the response status is as expected. - if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) { - var result = JSON.parse(response.getEntity().getString()); + if (isClaimValueValid(claimValue)) { + computedClaims.put(claim.getName(), claimValue); + } else { + /** + * If a claim has been processed, but appears in the list again, + * and its value cannot be computed under the new conditions, + * the claim is removed from the final result. + * + * For example, a claim could be mapped to a scope and found in the user profile, + * but also requested by the client with required values that don't match the computed one. + * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. + * for the relevant OIDC specification details. + */ + computedClaims.remove(claim.getName()); + } + }); - // Set multiple token fields at once. - accessToken.setFields(result.updatedFields); - } else { - logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. Content: ' + response.getEntity().getString()); + return computedClaims; } - } catch (e) { - logger.error('The request processing was interrupted. ' + e); - // The access token request fails with the HTTP 500 error in this case. - throw ('Unable to obtain response from: ' + uri); - } + /** + * Creates a map of requested scopes and the corresponding claim names. + * @returns {java.util.LinkedHashMap} + */ + function getCompositeScopes () { + var compositeScopes = new frJava.LinkedHashMap(); - // Adds new fields containing identity attribute values to the access token. - accessToken.setField('mail', identity.getAttribute('mail')); - accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]); + scopes.toArray().forEach(function (scope) { + var scopeClaims = new frJava.ArrayList(); - // Adds new fields containing the session property values. - // NOTE: session may not be available for non-interactive authorization grants. - if (session) { - try { - accessToken.setField('ipAddress', session.getProperty('Host')); - } catch (e) { - logger.error('Unable to retrieve session property value. ' + e); + if (scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + scopeClaims.add(claimName); + }); + } + + if (scopeClaims.size()) { + compositeScopes.put(scope, scopeClaims); + } + }); + + return compositeScopes; } + + // PUBLIC METHODS + + return { + setScopeClaimsMap: setScopeClaimsMap, + setClaimResolvers: setClaimResolvers, + getUserProfileClaimResolver: getUserProfileClaimResolver, + getAddressClaimResolver: getAddressClaimResolver, + getEssentialClaimResolver: getEssentialClaimResolver, + getUserInfoClaims: getUserInfoClaims + }; } - // Removes a native field from the token entry, that was set by AM. - // WARNING: removing native fields from the token may result in loss of functionality. - // accessToken.removeTokenName() + // RESULTS - // No return value is expected. Let it be undefined. + /** + * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class + * populated with the computed claim values and + * the requested scopes mapped to the claim names. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * + * Assigning it to a variable gives you an opportunity + * to log the content of the returned value during development. + */ + var userInfoClaims = utils.getUserInfoClaims(); + + /* + logger.error(scriptName + ' results:') + logger.error('Values: ' + userInfoClaims.getValues()) + logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) + */ + + return userInfoClaims; }()); -*/ ", }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-OIDC-Claims-Script.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-OIDC-Claims-Script-imported-(1).script.json 1`] = ` { "meta": Any, "script": { - "3e31996b-4522-44a2-b360-0851cece3854": { - "_id": "3e31996b-4522-44a2-b360-0851cece3854", + "cadaa25c-8347-48b1-84e9-cf8c3314cac0": { + "_id": "cadaa25c-8347-48b1-84e9-cf8c3314cac0", "context": "OIDC_CLAIMS", "createdBy": "null", "creationDate": 0, @@ -364522,7 +371914,7 @@ exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --inclu "language": "JAVASCRIPT", "lastModifiedBy": "null", "lastModifiedDate": 0, - "name": "Bravo OIDC Claims Script", + "name": "Bravo OIDC Claims Script - imported (1)", "script": "/* * Copyright 2014-2021 ForgeRock AS. All Rights Reserved * @@ -365149,22 +372541,56 @@ exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --inclu } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-OIDC-Claims-Script-imported-(1).script.json 1`] = ` +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.json 1`] = ` { "meta": Any, "script": { - "cadaa25c-8347-48b1-84e9-cf8c3314cac0": { - "_id": "cadaa25c-8347-48b1-84e9-cf8c3314cac0", + "449ef739-828e-42b4-92d6-0456d378671e": { + "_id": "449ef739-828e-42b4-92d6-0456d378671e", + "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Used by endUserUIClient", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Bravo endUserUIClient OAuth2 Access Token Modification Script", + "script": "(function () { + if (scopes.contains('fr:autoaccess:*') || scopes.contains('fr:iga:*') || scopes.contains('fr:idc:analytics:*')) { + var fr = JavaImporter( + com.sun.identity.idm.IdType + ); + var groups = []; + identity.getMemberships(fr.IdType.GROUP).toArray().forEach(function (group) { + groups.push(group.getAttribute('cn').toArray()[0]); + }); + accessToken.setField('groups', groups); + } +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-endUserUIClient-OIDC-Claims-Script.script.json 1`] = ` +{ + "meta": Any, + "script": { + "d3ced49b-50cd-4ee9-bd8b-33a46f367fb1": { + "_id": "d3ced49b-50cd-4ee9-bd8b-33a46f367fb1", "context": "OIDC_CLAIMS", "createdBy": "null", "creationDate": 0, "default": false, - "description": "Default bravo realm script for OIDC claims", + "description": "Used by endUserUIClient", "evaluatorVersion": "1.0", "language": "JAVASCRIPT", "lastModifiedBy": "null", "lastModifiedDate": 0, - "name": "Bravo OIDC Claims Script - imported (1)", + "name": "Bravo endUserUIClient OIDC Claims Script", "script": "/* * Copyright 2014-2021 ForgeRock AS. All Rights Reserved * @@ -365553,13401 +372979,19443 @@ exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --inclu throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); } - return claimValue; - } + return claimValue; + } + + return resolveEssentialClaim; + } + + /** + * Provides default resolution for a claim. + * Use it if a claim-specific resolver is not defined in the configuration. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} A single value associated with this claim. + */ + function resolveAnyClaim (claim) { + if (claim.getValues().size() === 1) { + return claim.getValues().toArray()[0]; + } + } + + // UTILITIES + + /** + * Returns claim value from a set. + * If the set contains a single value, returns the value. + * If the set contains multiple values, returns the set. + * Otherwise, returns undefined. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @param {java.util.HashSet} set The set—for example, a user profile attribute value. + * @returns {string|java.util.HashSet|undefined} + */ + function getClaimValueFromSet (claim, set) { + if (set && set.size()) { + if (set.size() === 1) { + return set.toArray()[0]; + } else { + return set; + } + } else if (logger.warningEnabled()) { + logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); + } + } + + function isClaimValueValid (claimValue) { + if (typeof claimValue === 'undefined' || claimValue === null) { + return false; + } + + return true; + } + + // CLAIM PROCESSING + + /** + * Constructs and returns an object populated with the computed claim values + * and the requested scopes mapped to the claim names. + * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * @see RESULTS section for the use of this function. + */ + function getUserInfoClaims () { + return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); + } + + /** + * Creates a map of (requested) claim names populated with the computed claim values. + * @returns {java.util.LinkedHashMap} + * A map of the requested claim names and the corresponding claim values. + */ + function getComputedClaims () { + /** + * Creates a complete list of claim objects from: + * the claims derived from the scopes, + * the claims provided by the authorization server, + * and the claims requested by the client. + * @returns {java.util.ArrayList} + * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function getClaims() { + /** + * Returns a list of claim objects for the requested scopes. + * Uses the scopeClaimsMap configuration option to derive the claim names; + * no other properties of a claim derived from a scope are populated. + * @returns {java.util.ArrayList} + * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function convertScopeToClaims() { + var claims = new frJava.ArrayList(); + + scopes.toArray().forEach(function (scope) { + if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + claims.add(new frJava.Claim(claimName)); + }); + } + }); + + return claims; + } + + var claims = new frJava.ArrayList(); + + claims.addAll(convertScopeToClaims()); + claims.addAll(claimObjects); + claims.addAll(requestedTypedClaims); + + return claims; + } + + /** + * Computes and returns a claim value. + * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. + * @see claimResolvers + * If no resolver function is found, uses the default claim resolver function. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} Claim value. + * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} + * Rethrows this exception if a claim resolver throws it. + * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver + * if you want to terminate the claim processing. + */ + function computeClaim(claim) { + var resolveClaim; + var message; + + try { + resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; + + return resolveClaim(claim); + } catch (e) { + message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; + + if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { + throw e; + } + + if (logger.warningEnabled()) { + logger.warning(message); + } + } + } + + var computedClaims = new frJava.LinkedHashMap(); + + getClaims().toArray().forEach(function (claim) { + var claimValue = computeClaim(claim); + + if (isClaimValueValid(claimValue)) { + computedClaims.put(claim.getName(), claimValue); + } else { + /** + * If a claim has been processed, but appears in the list again, + * and its value cannot be computed under the new conditions, + * the claim is removed from the final result. + * + * For example, a claim could be mapped to a scope and found in the user profile, + * but also requested by the client with required values that don't match the computed one. + * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. + * for the relevant OIDC specification details. + */ + computedClaims.remove(claim.getName()); + } + }); + + return computedClaims; + } + + /** + * Creates a map of requested scopes and the corresponding claim names. + * @returns {java.util.LinkedHashMap} + */ + function getCompositeScopes () { + var compositeScopes = new frJava.LinkedHashMap(); + + scopes.toArray().forEach(function (scope) { + var scopeClaims = new frJava.ArrayList(); + + if (scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + scopeClaims.add(claimName); + }); + } + + if (scopeClaims.size()) { + compositeScopes.put(scope, scopeClaims); + } + }); + + return compositeScopes; + } + + // PUBLIC METHODS + + return { + setScopeClaimsMap: setScopeClaimsMap, + setClaimResolvers: setClaimResolvers, + getUserProfileClaimResolver: getUserProfileClaimResolver, + getAddressClaimResolver: getAddressClaimResolver, + getEssentialClaimResolver: getEssentialClaimResolver, + getUserInfoClaims: getUserInfoClaims + }; + } + + // RESULTS + + /** + * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class + * populated with the computed claim values and + * the requested scopes mapped to the claim names. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * + * Assigning it to a variable gives you an opportunity + * to log the content of the returned value during development. + */ + var userInfoClaims = utils.getUserInfoClaims(); + + /* + logger.error(scriptName + ' results:') + logger.error('Values: ' + userInfoClaims.getValues()) + logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) + */ + + return userInfoClaims; +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Check-Resolved-Username.script.json 1`] = ` +{ + "meta": Any, + "script": { + "ffcfbd20-38d5-4f74-8766-7df90af4dbe4": { + "_id": "ffcfbd20-38d5-4f74-8766-7df90af4dbe4", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Check if username has already been resolved to _id.", + "evaluatorVersion": "2.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Check Resolved Username", + "script": "/* Resolve Username + * + * Author: volker.scheuber@forgerock.com + * + * Check if username has already been resolved to _id. + * Return "true" if resolved, "false" otherwise. + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + * - false + */ +(function () { + if (nodeState.get("_id")) { + outcome = "true"; + } + else { + outcome = "false"; + } +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Check-Resolved-Username-imported-(1).script.json 1`] = ` +{ + "meta": Any, + "script": { + "870f0298-2f96-4e10-990d-3436fc2f3c43": { + "_id": "870f0298-2f96-4e10-990d-3436fc2f3c43", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Check if username has already been resolved to _id.", + "evaluatorVersion": "2.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Check Resolved Username - imported (1)", + "script": "/* Resolve Username + * + * Author: volker.scheuber@forgerock.com + * + * Check if username has already been resolved to _id. + * Return "true" if resolved, "false" otherwise. + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + * - false + */ +(function () { + if (nodeState.get("_id")) { + outcome = "true"; + } + else { + outcome = "false"; + } +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Check-Username.script.json 1`] = ` +{ + "meta": Any, + "script": { + "739bdc48-fd24-4c52-b353-88706d75558a": { + "_id": "739bdc48-fd24-4c52-b353-88706d75558a", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Check if username has already been collected.", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Check Username", + "script": "/* Check Username + * + * Author: volker.scheuber@forgerock.com + * + * Check if username has already been collected. + * Return "known" if yes, "unknown" otherwise. + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - known + * - unknown + */ +(function () { + if (null != sharedState.get("username")) { + outcome = "known"; + } + else { + outcome = "unknown"; + } +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Dummy.script.json 1`] = ` +{ + "meta": Any, + "script": { + "bb0b46f8-bdf3-4fb8-8d8f-bd921af7e79e": { + "_id": "bb0b46f8-bdf3-4fb8-8d8f-bd921af7e79e", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Dummy", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Dummy", + "script": "outcome = "true"; +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Full-Verification-Results.script.json 1`] = ` +{ + "meta": Any, + "script": { + "ca0c39c5-9c50-417f-a36e-815cfd1ecffe": { + "_id": "ca0c39c5-9c50-417f-a36e-815cfd1ecffe", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Show full identity verification results", + "evaluatorVersion": "2.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Full Verification Results", + "script": "/* Full Verification Results + * + * Author: volker.scheuber@forgerock.com + * + * Show full identity verification results + * + * This script needs to be parametrized. It may not work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + */ +(function () { + outcome = 'true'; + + var p1UserIdAmAttr = 'fr-attr-istr1'; + var p1UserIdIdmAttr = 'frIndexedString1'; + var selfieAmAttr = 'fr-attr-str1'; + var selfieIdmAttr = 'frUnindexedString1'; + var portraitAmAttr = 'fr-attr-str2'; + var portraitIdmAttr = 'frUnindexedString2'; + var firstNameAttr = 'givenName'; + var lastNameAttr = 'sn'; + var metaDataAmAttr = 'fr-attr-str3'; + var metaDataIdmAttr = 'frUnindexedString3'; + var customIdmAttrs = 'fr-idm-custom-attrs'; + var verifiedFirstNameAttr = 'custom_verifiedFirstName'; + var verifiedLastNameAttr = 'custom_verifiedLastName'; + var verifyStatusAttr = 'custom_verifyStatus'; + + var identity = idRepository.getIdentity(nodeState.get('_id')); + var p1UserId = identity.getAttributeValues(p1UserIdAmAttr)[0]; + var selfie = identity.getAttributeValues(selfieAmAttr)[0]; + var portrait = identity.getAttributeValues(portraitAmAttr)[0]; + var firstName = identity.getAttributeValues(firstNameAttr)[0]; + var lastName = identity.getAttributeValues(lastNameAttr)[0]; + var metaData = JSON.parse(identity.getAttributeValues(metaDataAmAttr)[0]); + var customAttrs = JSON.parse(identity.getAttributeValues(customIdmAttrs)[0]); + + var anchor = 'anchor-'.concat(generateNumericToken('xxx')); + var halign = 'left'; + var referenceImage = 'Reference Image'; + var freshSelfieImg = 'Fresh Selfie'; + var firstNameMatch = getBiographicMatchResult(metaData, 'given_name'); + var lastNameMatch = getBiographicMatchResult(metaData, 'family_name'); + var identityTable = \`\\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ +
IdentifierApplicationGovernment IDMatch
First Name:\${firstName}\${customAttrs[verifiedFirstNameAttr]}\${firstNameMatch}
Last Name:\${lastName}\${customAttrs[verifiedLastNameAttr]}\${lastNameMatch}
\`; + var docStructJdgmnt = getMitekResult(metaData, 'Document Structure').judgement; + var docDataCompJdgmnt = getMitekResult(metaData, 'Document Data Comparison').judgement; + var humanFaceJdgmnt = getMitekResult(metaData, 'Human Face Presence').judgement + var fieldValidJdgmnt = getMitekResult(metaData, 'Field Validation').judgement; + var blacklistJdgmnt = getMitekResult(metaData, 'ID Document Blacklist').judgement; + var barcodeJdgmnt = getMitekResult(metaData, 'Barcode Analysis').judgement; + var govDocTable = \`\\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ +
Document Structure:\${docStructJdgmnt}
Document Data Comparison:\${docDataCompJdgmnt}
Human Face Presence:\${humanFaceJdgmnt}
Field Validation:\${fieldValidJdgmnt}
ID Document Blacklist:\${blacklistJdgmnt}
Barcode Analysis:\${barcodeJdgmnt}
\`; + var similarity = getSimilarity(getResult(metaData, 'FACIAL_COMPARISON').data.similarity); + var liveness = getLiveness(getResult(metaData, 'LIVENESS').data.probability); + var facialTable = \`\\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ +
Facial Comparison:\${similarity}
Liveness:\${liveness}
\`; + var selfieTable = \`\\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ +

Government ID Picture

Fresh Selfie

\${referenceImage}\${freshSelfieImg}
\`; + var message = \`\\ +

Status

\\ +

\${customAttrs[verifyStatusAttr]}

\\ +

Identity

\\ + \${identityTable}\\ +

Government ID Authentication

\\ + \${govDocTable}\\ +

Facial Comparison & Liveness

\\ + \${facialTable}\\ +
\${selfieTable}\`; + var script = "Array.prototype.slice.call(\\n".concat( + "document.getElementsByClassName('callback-component')).forEach(\\n").concat( + "function (e) {\\n").concat( + " var message = e.firstElementChild;\\n").concat( + " console.log('here!');\\n").concat( + " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( + " message.className = \\"text-left\\";\\n").concat( + " message.align = \\"").concat(halign).concat("\\";\\n").concat( + " message.innerHTML = '").concat(message).concat("';\\n").concat( + " }\\n").concat( + "})") + if (callbacks.isEmpty()) { + callbacksBuilder.textOutputCallback(0, anchor); + callbacksBuilder.scriptTextOutputCallback(script); + } else { + action = action.goTo('true'); + } + + function getSimilarity(num) { + if (num >= 85) return 'High'; + if (num >= 65) return 'Medium'; + return 'Low'; + } + + function getLiveness(num) { + if (num >= 0.5) return 'Live'; + return 'Spoofed' + } + + function colorize(text) { + var color = ''; + var success = 'green'; + var soso = 'yellow'; + var failure = 'red'; + var colors = { + 'not_authentic': \`color:\${failure};\`, + 'success': \`color:\${success};\`, + 'authentic': \`color:\${success};\`, + 'live': \`color:\${success};\`, + 'high': \`color:\${success};\`, + 'medium': \`color:\${soso};\`, + 'fail': \`color:\${failure};\`, + 'low': \`color:\${failure};\`, + 'spoofed': \`color:\${failure};\`, + }; + Object.keys(colors).forEach((it) => { + if (text.toLowerCase().indexOf(it) >= 0) color = colors[it]; + return; + }); + return color; + } + + function getResult(metaData, type) { + var result = null; + if (metaData && type) { + metaData._embedded.metaData.forEach((it) => { + if (it.type === type) { + result = it; + return; + } + }); + } + return result; + } + + function getMitekResult(metaData, name) { + var result = null; + var mitekResults = getResult(metaData, 'DOCUMENT_AUTHENTICATION'); + if (mitekResults && name) { + mitekResults.data.mitekVerifications.forEach((it) => { + if (it.name === name) { + result = it; + return; + } + }); + } + return result; + } + + function getBiographicMatchResult(metaData, field) { + var result = null; + var biographicMatchResult = getResult(metaData, 'BIOGRAPHIC_MATCH'); + if (biographicMatchResult && field) { + biographicMatchResult.data.biographic_match_results.forEach((it) => { + if (it.identifier === field) { + result = it.match; + return; + } + }); + } + return result; + } + + /* + * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. + * + * Example: + * 'xxxxx' produces '28535' + * 'xxx-xxx' produces '432-521' + */ + function generateNumericToken(format) { + return format.replace(/[x]/g, function (c) { + var r = (Math.random() * 10) | 0; + var v = r; + return v.toString(10); + }); + } + + /* + * Read attributes in shared state for use with the Create/Patch Object nodes. + */ + function getObjectAttribute(name) { + var attributes = nodeState.get("objectAttributes"); + if (attributes) { + if (attributes.get) { + return attributes.get(name); + } + else { + return attributes.name; + } + } + return null; + } + + /* + * Store attributes in shared state for use with the Create/Patch Object nodes. + */ + function setSharedObjectAttribute(name, value) { + var attributes = nodeState.get("objectAttributes"); + if (attributes && value) { + attributes.put(name, value); + nodeState.putShared("objectAttributes", attributes); + } else if (value) { + nodeState.putShared("objectAttributes", { name: value } ); + } + } +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Load-Reference-Selfie.script.json 1`] = ` +{ + "meta": Any, + "script": { + "09d6f27b-3c7c-4bc0-a7ff-e19d93f6b6d9": { + "_id": "09d6f27b-3c7c-4bc0-a7ff-e19d93f6b6d9", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Load reference selfie into shared state", + "evaluatorVersion": "2.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Load Reference Selfie", + "script": "/* Load Reference Selfie + * + * Author: volker.scheuber@forgerock.com + * + * Load reference selfie into transient state + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + */ +(function () { + outcome = 'true'; + + var selfieAttr = 'fr-attr-str1'; + var identity = idRepository.getIdentity(nodeState.get('_id')); + var selfie = identity.getAttributeValues(selfieAttr)[0]; + if (selfie) { + setTransientObjectAttribute(selfieAttr, selfie); + } + + /* + * Store attributes in shared state for use with the Create/Patch Object nodes. + */ + function setTransientObjectAttribute(name, value) { + var attributes = nodeState.get("objectAttributes"); + if (attributes && value) { + attributes.put(name, value); + nodeState.putTransient("objectAttributes", attributes); + } else if (value) { + nodeState.putTransient("objectAttributes", { name: value } ); + } + } +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Prepare-Account-Creation.script.json 1`] = ` +{ + "meta": Any, + "script": { + "835c3d04-4883-4fb7-b957-bd6ff6ff9d50": { + "_id": "835c3d04-4883-4fb7-b957-bd6ff6ff9d50", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Set username from email and copy first and last name to applicant attributes.", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Prepare Account Creation", + "script": "/* Prepare Account Creation + * + * Author: volker.scheuber@forgerock.com + * + * Set username from email and copy first and last name to applicant attributes. + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + */ +(function () { + outcome = "true"; + + sharedState.put("username", getSharedObjectAttribute("mail")) + setSharedObjectAttribute("userName", getSharedObjectAttribute("mail")) + setSharedObjectAttribute("custom_verifiedFirstName", getSharedObjectAttribute("givenName")) + setSharedObjectAttribute("custom_verifiedLastName", getSharedObjectAttribute("sn")) + setSharedObjectAttribute("custom_verifyStatus", 'Not verified') + + /* + * Store attributes in shared state for use with the Create/Patch Object nodes. + */ + function setSharedObjectAttribute(name, value) { + var storage = sharedState.get("objectAttributes"); + if (storage && value) { + if (storage.put) { + storage.put(name, value); + } + else { + storage[name] = value; + } + } + else if (value) { + sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); + } + } + + /* + * Read attributes in shared state for use with the Create/Patch Object nodes. + */ + function getSharedObjectAttribute(name) { + var storage = sharedState.get("objectAttributes"); + if (storage) { + if (storage.get) { + return sharedState.get("objectAttributes").get(name); + } + else { + return storage.name; + } + } + return null; + } +}()); +", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Prepare-Account-Update.script.json 1`] = ` +{ + "meta": Any, + "script": { + "4233c093-76a6-474b-ac38-5c0ea1de2484": { + "_id": "4233c093-76a6-474b-ac38-5c0ea1de2484", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Move data from root of node state into objectAttributes for account update.", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Prepare Account Update", + "script": "/* Prepare Account Update + * + * Author: volker.scheuber@forgerock.com + * + * Move data from root of node state into objectAttributes for account update. + * + * This script needs to be parametrized. It may not work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + */ +(function () { + outcome = 'true'; + + /* Configure to fit your env */ + var p1UserIdAmAttr = 'fr-attr-istr1'; // this is what should be configured in your verify proofing node + var p1UserIdIdmAttr = 'frIndexedString1'; + var selfieSource = 'selfieBase64'; + var selfieTarget = 'frUnindexedString1'; + var croppedPortraitSource = 'croppedPortraitBase64'; + var croppedPortraitTarget = 'frUnindexedString2'; + var metadataSource = 'VerifyMetadataResult'; + var metadataTarget = 'frUnindexedString3'; + var verifyStatusAttr = 'custom_verifyStatus'; + var verifyFailedReason = 'VerifedFailedReason'; - return resolveEssentialClaim; - } + setSharedObjectAttribute(p1UserIdIdmAttr, sharedState.get(p1UserIdAmAttr)) + setSharedObjectAttribute(selfieTarget, sharedState.get(selfieSource)); + setSharedObjectAttribute(croppedPortraitTarget, sharedState.get(croppedPortraitSource)); + setSharedObjectAttribute(metadataTarget, JSON.stringify(transientState.get(metadataSource))); + setSharedObjectAttribute(verifyStatusAttr, sharedState.get(verifyFailedReason) || 'Successfully verified'); + + // remove source to minimize AuthId size + sharedState.put(selfieSource, ''); + sharedState.put(croppedPortraitSource, ''); - /** - * Provides default resolution for a claim. - * Use it if a claim-specific resolver is not defined in the configuration. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} A single value associated with this claim. - */ - function resolveAnyClaim (claim) { - if (claim.getValues().size() === 1) { - return claim.getValues().toArray()[0]; - } - } + /* + * Store attributes in shared state for use with the Create/Patch Object nodes. + */ + function setSharedObjectAttribute(name, value) { + var storage = sharedState.get('objectAttributes'); + if (storage && value) { + if (storage.put) { + storage.put(name, value); + } + else { + storage[name] = value; + } + } + else if (value) { + sharedState.put('objectAttributes', JSON.parse('{"'+name+'":"'+value+'"}')); + } + } +}()); +", + }, + }, +} +`; - // UTILITIES +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Remove-Button.script.json 1`] = ` +{ + "meta": Any, + "script": { + "9535446c-0ff6-4a76-8576-616599119d64": { + "_id": "9535446c-0ff6-4a76-8576-616599119d64", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Remove button from page.", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Remove Button", + "script": "/* Remove Button + * + * Author: volker.scheuber@forgerock.com + * + * Hide buttons on the journey page. + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + */ +(function () { + var script = "Array.prototype.slice.call(document.getElementsByTagName('button')).forEach(function (e) {e.style.display = 'none'})" + var fr = JavaImporter( + org.forgerock.openam.auth.node.api.Action, + javax.security.auth.callback.TextOutputCallback, + com.sun.identity.authentication.callbacks.ScriptTextOutputCallback + ) + var message = " " + if (callbacks.isEmpty()) { + action = fr.Action.send( + new fr.TextOutputCallback( + fr.TextOutputCallback.INFORMATION, + message + ), + new fr.ScriptTextOutputCallback(script) + ).build() + } +}()); +", + }, + }, +} +`; - /** - * Returns claim value from a set. - * If the set contains a single value, returns the value. - * If the set contains multiple values, returns the set. - * Otherwise, returns undefined. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @param {java.util.HashSet} set The set—for example, a user profile attribute value. - * @returns {string|java.util.HashSet|undefined} - */ - function getClaimValueFromSet (claim, set) { - if (set && set.size()) { - if (set.size() === 1) { - return set.toArray()[0]; - } else { - return set; - } - } else if (logger.warningEnabled()) { - logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); - } - } +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Selfie-Authentication-Results.script.json 1`] = ` +{ + "meta": Any, + "script": { + "eaab5b6d-fc11-4365-93da-00eb9121adb9": { + "_id": "eaab5b6d-fc11-4365-93da-00eb9121adb9", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Show selfie authentication results", + "evaluatorVersion": "2.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Selfie Authentication Results", + "script": "/* Selfie Authentication Results + * + * Author: volker.scheuber@forgerock.com + * + * Show selfie authentication results + * + * This script needs to be parametrized. It may not work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + */ +(function () { + outcome = 'true'; - function isClaimValueValid (claimValue) { - if (typeof claimValue === 'undefined' || claimValue === null) { - return false; - } + var p1UserIdAmAttr = 'fr-attr-istr1'; + var p1UserIdIdmAttr = 'frIndexedString1'; + var selfieAmAttr = 'fr-attr-str1'; + var selfieIdmAttr = 'frUnindexedString1'; + var firstNameAttr = 'givenName'; + var lastNameAttr = 'sn'; + + var identity = idRepository.getIdentity(nodeState.get('_id')); + var p1UserId = identity.getAttributeValues(p1UserIdAmAttr)[0]; + var selfie = getObjectAttribute(selfieIdmAttr) ? getObjectAttribute(selfieIdmAttr) : identity.getAttributeValues(selfieAmAttr)[0]; + var firstName = getObjectAttribute(firstNameAttr) ? getObjectAttribute(firstNameAttr) : identity.getAttributeValues(firstNameAttr)[0]; + var lastName = getObjectAttribute(lastNameAttr) ? getObjectAttribute(lastNameAttr) : identity.getAttributeValues(lastNameAttr)[0]; - return true; + var anchor = 'anchor-'.concat(generateNumericToken('xxx')); + var halign = 'left'; + var referenceImage = 'Reference Image'; + var identityTable = \`\\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ +
First Name:\${firstName}
Last Name:\${lastName}
\`; + var selfieTable = \`\\ + \\ + \\ + \\ + \\ + \\ + \\ + \\ +

Reference Image

\${referenceImage}
\`; + var message = \`\\ +

Identity

\\ + \${identityTable}\\ +
\${selfieTable}\`; + var script = "Array.prototype.slice.call(\\n".concat( + "document.getElementsByClassName('callback-component')).forEach(\\n").concat( + "function (e) {\\n").concat( + " var message = e.firstElementChild;\\n").concat( + " console.log('here!');\\n").concat( + " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( + " message.className = \\"text-left\\";\\n").concat( + " message.align = \\"").concat(halign).concat("\\";\\n").concat( + " message.innerHTML = '").concat(message).concat("';\\n").concat( + " }\\n").concat( + "})") + if (callbacks.isEmpty()) { + callbacksBuilder.textOutputCallback(0, anchor); + callbacksBuilder.scriptTextOutputCallback(script); + } else { + action = action.goTo('true'); + } + + function getResult(metaData, type) { + var result = null; + if (metaData && type) { + metaData._embedded.metaData.forEach((it) => { + if (it.type === type) { + result = it; + return; } - - // CLAIM PROCESSING - - /** - * Constructs and returns an object populated with the computed claim values - * and the requested scopes mapped to the claim names. - * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * @see RESULTS section for the use of this function. - */ - function getUserInfoClaims () { - return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); + }); + } + return result; + } + + function getMitekResult(metaData, name) { + var result = null; + var mitekResults = getResult(metaData, 'DOCUMENT_AUTHENTICATION'); + if (mitekResults && name) { + mitekResults.data.mitekVerifications.forEach((it) => { + if (it.name === name) { + result = it; + return; } + }); + } + return result; + } - /** - * Creates a map of (requested) claim names populated with the computed claim values. - * @returns {java.util.LinkedHashMap} - * A map of the requested claim names and the corresponding claim values. - */ - function getComputedClaims () { - /** - * Creates a complete list of claim objects from: - * the claims derived from the scopes, - * the claims provided by the authorization server, - * and the claims requested by the client. - * @returns {java.util.ArrayList} - * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function getClaims() { - /** - * Returns a list of claim objects for the requested scopes. - * Uses the scopeClaimsMap configuration option to derive the claim names; - * no other properties of a claim derived from a scope are populated. - * @returns {java.util.ArrayList} - * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function convertScopeToClaims() { - var claims = new frJava.ArrayList(); + /* + * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. + * + * Example: + * 'xxxxx' produces '28535' + * 'xxx-xxx' produces '432-521' + */ + function generateNumericToken(format) { + return format.replace(/[x]/g, function (c) { + var r = (Math.random() * 10) | 0; + var v = r; + return v.toString(10); + }); + } - scopes.toArray().forEach(function (scope) { - if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - claims.add(new frJava.Claim(claimName)); - }); - } - }); + /* + * Read attributes in shared state for use with the Create/Patch Object nodes. + */ + function getObjectAttribute(name) { + var attributes = nodeState.get("objectAttributes"); + if (attributes) { + if (attributes.get) { + return attributes.get(name); + } + else { + return attributes.name; + } + } + return null; + } - return claims; - } + /* + * Store attributes in shared state for use with the Create/Patch Object nodes. + */ + function setSharedObjectAttribute(name, value) { + var attributes = nodeState.get("objectAttributes"); + if (attributes && value) { + attributes.put(name, value); + nodeState.putShared("objectAttributes", attributes); + } else if (value) { + nodeState.putShared("objectAttributes", { name: value } ); + } + } +}()); +", + }, + }, +} +`; - var claims = new frJava.ArrayList(); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/debug-imported-(1).script.json 1`] = ` +{ + "meta": Any, + "script": { + "3cb43516-ae69-433a-8787-501d45db14e9": { + "_id": "3cb43516-ae69-433a-8787-501d45db14e9", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Display sharedState, transientState, and headers.", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "debug - imported (1)", + "script": "/* debug + * + * Author: volker.scheuber@forgerock.com + * + * Display sharedState, transientState, and headers. + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - true + */ +(function () { + var anchor = 'anchor-'.concat(generateNumericToken('xxx')); + var halign = 'left'; + var message = "

Shared State:
".concat( + sharedState.toString()).concat("

").concat( + "

Transient State:
").concat( + transientState.toString()).concat("

").concat( + "

Request Parameters:
").concat( + getQueryString()).concat("").concat( + "

Request Headers:
").concat( + requestHeaders.toString()).concat("

") + var script = "Array.prototype.slice.call(\\n".concat( + "document.getElementsByClassName('callback-component')).forEach(\\n").concat( + "function (e) {\\n").concat( + " var message = e.firstElementChild;\\n").concat( + " console.log('here!');\\n").concat( + " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( + " message.className = \\"text-left\\";\\n").concat( + " message.align = \\"").concat(halign).concat("\\";\\n").concat( + " message.innerHTML = '").concat(message).concat("';\\n").concat( + " }\\n").concat( + "})") + var fr = JavaImporter( + org.forgerock.openam.auth.node.api.Action, + javax.security.auth.callback.TextOutputCallback, + com.sun.identity.authentication.callbacks.ScriptTextOutputCallback + ); + if (message.length && callbacks.isEmpty()) { + action = fr.Action.send( + new fr.TextOutputCallback(fr.TextOutputCallback.INFORMATION, message), + new fr.ScriptTextOutputCallback(script) + ).build(); + } else { + action = fr.Action.goTo('true').build(); + } - claims.addAll(convertScopeToClaims()); - claims.addAll(claimObjects); - claims.addAll(requestedTypedClaims); + /* + * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. + * + * Example: + * 'xxxxx' produces '28535' + * 'xxx-xxx' produces '432-521' + */ + function generateNumericToken(format) { + return format.replace(/[x]/g, function (c) { + var r = (Math.random() * 10) | 0; + var v = r; + return v.toString(10); + }); + } - return claims; - } + function getQueryString() { + + requestParameters.put('authIndexType', ['service']); + requestParameters.put('authIndexValue', ['Simple']); + requestParameters.put('username', [sharedState.get('username')]); + + var query = ''; + var params = Object.keys(requestParameters); + for (var i = 0; i < params.length ; i++) { + var param = params[i]; + var values = requestParameters.get(param); + for (var j = 0; j < values.length ; j++) { + var value = values[j]; + query = query + param + '=' + encodeURIComponent(value) + '&'; + }; + }; + return query.substring(0, query.length > 0 ? query.length - 1 : 0); + } +})(); +", + }, + }, +} +`; - /** - * Computes and returns a claim value. - * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. - * @see claimResolvers - * If no resolver function is found, uses the default claim resolver function. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} Claim value. - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - * Rethrows this exception if a claim resolver throws it. - * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver - * if you want to terminate the claim processing. - */ - function computeClaim(claim) { - var resolveClaim; - var message; +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/SocialIdentityProviders.service.json 1`] = ` +{ + "meta": Any, + "service": { + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "enabled": true, + "location": "/bravo", + }, + }, +} +`; - try { - resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/TNTPPingOneService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "TNTPPingOneService": { + "_id": "", + "_type": { + "_id": "TNTPPingOneService", + "collection": false, + "name": "PingOne Service", + }, + "enable": true, + "location": "/bravo", + "nextDescendents": [ + { + "_id": "p1-volker-dev", + "_type": { + "_id": "PingOneService", + "collection": true, + "name": "instance", + }, + "clientIdWorkerApp": "9e4b8778-8d02-4533-b11f-407c15e5519e", + "clientIdWorkerSecret": "MYeArFcBVz_koayPMhz8dSmkKN9P1SjEA3CApwzWTfKuGvhS3XERxRpR1zTYg0ZT", + "environmentId": "183aa418-cdd3-4075-b20d-1ed89c8ca36e", + "environmentRegion": "NA", + }, + { + "_id": "JC", + "_type": { + "_id": "PingOneService", + "collection": true, + "name": "instance", + }, + "clientIdWorkerApp": "bc700ab9-b18d-4d75-9c10-0ddfd7a2fcf6", + "clientIdWorkerSecret": "PYT2yEkgv73IAXf7W-Gxo32SdANddMPdRPHuo8btgIR~qoU_KBmP3NfGpVxxGCK-", + "environmentId": "77826556-ad2a-4cb9-86fc-41f53fd35d4d", + "environmentRegion": "NA", + }, + ], + }, + }, +} +`; - return resolveClaim(claim); - } catch (e) { - message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/baseurl.service.json 1`] = ` +{ + "meta": Any, + "service": { + "baseurl": { + "_id": "", + "_type": { + "_id": "baseurl", + "collection": false, + "name": "Base URL Source", + }, + "contextPath": "/am", + "fixedValue": "https://&{fqdn}", + "location": "/bravo", + "nextDescendents": [], + "source": "REQUEST_VALUES", + }, + }, +} +`; - if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { - throw e; - } +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/email.service.json 1`] = ` +{ + "meta": Any, + "service": { + "email": { + "_id": "", + "_type": { + "_id": "email", + "collection": false, + "name": "Email Service", + }, + "emailAddressAttribute": "mail", + "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", + "emailRateLimitSeconds": 1, + "location": "/bravo", + "nextDescendents": [], + "port": 465, + "sslState": "SSL", + "transportType": "default-smtp", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/oauth-oidc.service.json 1`] = ` +{ + "meta": Any, + "service": { + "oauth-oidc": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email", + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens", + ], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "location": "/bravo", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "21138ab1-0621-4466-b18f-670bfcbabca7", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "3e31996b-4522-44a2-b360-0851cece3854", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]", + }, + }, + }, +} +`; - if (logger.warningEnabled()) { - logger.warning(message); - } - } - } +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/pingOneWorkerService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "pingOneWorkerService": { + "_id": "", + "_type": { + "_id": "pingOneWorkerService", + "collection": false, + "name": "PingOne Worker Service", + }, + "enabled": true, + "location": "/bravo", + "nextDescendents": [], + }, + }, +} +`; - var computedClaims = new frJava.LinkedHashMap(); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/policyconfiguration.service.json 1`] = ` +{ + "meta": Any, + "service": { + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "bindDn": "&{am.stores.user.username}", + "bindPassword": { + "$string": "&{am.stores.user.password}", + }, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "userstore-1.userstore:1389", + "userstore-0.userstore:1389", + "userstore-2.userstore:1389", + ], + "location": "/bravo", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": { + "$bool": "&{am.stores.ssl.enabled}", + }, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "ou=identities", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + }, +} +`; - getClaims().toArray().forEach(function (claim) { - var claimValue = computeClaim(claim); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/selfServiceTrees.service.json 1`] = ` +{ + "meta": Any, + "service": { + "selfServiceTrees": { + "_id": "", + "_type": { + "_id": "selfServiceTrees", + "collection": false, + "name": "Self Service Trees", + }, + "enabled": true, + "location": "/bravo", + "nextDescendents": [], + "treeMapping": { + "forgottenUsername": "ForgottenUsername", + "registration": "Registration", + "resetPassword": "ResetPassword", + "updatePassword": "UpdatePassword", + }, + }, + }, +} +`; - if (isClaimValueValid(claimValue)) { - computedClaims.put(claim.getName(), claimValue); - } else { - /** - * If a claim has been processed, but appears in the list again, - * and its value cannot be computed under the new conditions, - * the claim is removed from the final result. - * - * For example, a claim could be mapped to a scope and found in the user profile, - * but also requested by the client with required values that don't match the computed one. - * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. - * for the relevant OIDC specification details. - */ - computedClaims.remove(claim.getName()); - } - }); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/validation.service.json 1`] = ` +{ + "meta": Any, + "service": { + "validation": { + "_id": "", + "_type": { + "_id": "validation", + "collection": false, + "name": "Validation Service", + }, + "location": "/bravo", + "nextDescendents": [], + "validGotoDestinations": [ + "&{am.server.protocol|https}://&{fqdn}/*?*", + ], + }, + }, +} +`; - return computedClaims; - } +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectAttributes/undefined.subjectAttributes.json 1`] = ` +{ + "meta": Any, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, +} +`; - /** - * Creates a map of requested scopes and the corresponding claim names. - * @returns {java.util.LinkedHashMap} - */ - function getCompositeScopes () { - var compositeScopes = new frJava.LinkedHashMap(); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/AND.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + }, +} +`; - scopes.toArray().forEach(function (scope) { - var scopeClaims = new frJava.ArrayList(); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "AuthenticatedUsers", + }, + }, +} +`; - if (scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - scopeClaims.add(claimName); - }); - } +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/Identity.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "Identity": { + "_id": "Identity", + "config": { + "properties": { + "subjectValues": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Identity", + }, + }, +} +`; - if (scopeClaims.size()) { - compositeScopes.put(scope, scopeClaims); - } - }); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "JwtClaim": { + "_id": "JwtClaim", + "config": { + "properties": { + "claimName": { + "type": "string", + }, + "claimValue": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "JwtClaim", + }, + }, +} +`; - return compositeScopes; - } +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/NONE.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "NONE": { + "_id": "NONE", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "NONE", + }, + }, +} +`; - // PUBLIC METHODS +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/NOT.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "subject": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + }, +} +`; - return { - setScopeClaimsMap: setScopeClaimsMap, - setClaimResolvers: setClaimResolvers, - getUserProfileClaimResolver: getUserProfileClaimResolver, - getAddressClaimResolver: getAddressClaimResolver, - getEssentialClaimResolver: getEssentialClaimResolver, - getUserInfoClaims: getUserInfoClaims - }; - } +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/OR.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + }, +} +`; - // RESULTS +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/Policy.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "name": { + "type": "string", + }, + "values": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + }, +} +`; - /** - * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class - * populated with the computed claim values and - * the requested scopes mapped to the claim names. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * - * Assigning it to a variable gives you an opportunity - * to log the content of the returned value during development. - */ - var userInfoClaims = utils.getUserInfoClaims(); +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Contrast.theme.json 1`] = ` +{ + "meta": Any, + "theme": { + "cd6c93e2-52e2-4340-9770-66a588343841": { + "_id": "cd6c93e2-52e2-4340-9770-66a588343841", + "accountFooter": "
© 2021 +My Company, IncPrivacy PolicyTerms & Conditions
", + "accountFooterEnabled": false, + "accountPageSections": { + "accountControls": { + "enabled": false, + }, + "accountSecurity": { + "enabled": true, + "subsections": { + "password": { + "enabled": true, + }, + "securityQuestions": { + "enabled": false, + }, + "twoStepVerification": { + "enabled": true, + }, + "username": { + "enabled": true, + }, + }, + }, + "consent": { + "enabled": false, + }, + "oauthApplications": { + "enabled": false, + }, + "personalInformation": { + "enabled": true, + }, + "preferences": { + "enabled": false, + }, + "social": { + "enabled": false, + }, + "trustedDevices": { + "enabled": true, + }, + }, + "backgroundColor": "#FFFFFF", + "backgroundImage": "", + "bodyText": "#000000", + "buttonRounded": "0", + "dangerColor": "#f7685b", + "favicon": "", + "isDefault": false, + "journeyFooter": "
© 2021 +My Company, IncPrivacy PolicyTerms & Conditions
", + "journeyFooterEnabled": false, + "journeyHeader": "
Header Content
", + "journeyHeaderEnabled": false, + "journeyJustifiedContent": "", + "journeyJustifiedContentEnabled": false, + "journeyLayout": "card", + "journeyTheaterMode": false, + "linkActiveColor": "#000000", + "linkColor": "#000000", + "linkedTrees": [], + "logo": "https://cdn.forgerock.com/platform/themes/contrast/logo-contrast.svg", + "logoAltText": "Contrast", + "logoEnabled": true, + "logoHeight": "72", + "logoProfile": "data:image/svg+xml,%0A%3Csvg width='46' height='46' viewBox='0 0 46 46' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M24.3477 13.5664H43.9438C43.5192 12.6317 43.0319 11.734 42.4905 10.8711H24.3477V13.5664Z' fill='black'/%3E%3Cpath d='M24.3477 8.17578H40.5261C39.6996 7.2052 38.7974 6.30182 37.8224 5.48047H24.3477V8.17578Z' fill='black'/%3E%3Cpath d='M24.3477 40.5195H37.8224C38.7975 39.6982 39.6996 38.7948 40.5261 37.8242H24.3477V40.5195Z' fill='black'/%3E%3Cpath d='M24.3477 2.78516H33.8482C31.0136 1.27039 27.7313 0.198195 24.3477 0V2.78516Z' fill='black'/%3E%3Cpath d='M24.3477 18.957H45.6208C45.4566 18.0405 45.2557 17.1372 44.9856 16.2617H24.3477V18.957Z' fill='black'/%3E%3Cpath d='M24.3477 21.6523V24.3477H45.9317C45.958 23.8992 46 23.4549 46 23C46 22.5451 45.958 22.1008 45.9317 21.6523H24.3477Z' fill='black'/%3E%3Cpath d='M0 23C0 35.1781 9.64778 45.2964 21.6523 46V0C9.64778 0.703566 0 10.8219 0 23Z' fill='black'/%3E%3Cpath d='M24.3477 46C27.7313 45.8018 31.0136 44.7296 33.8482 43.2148H24.3477V46Z' fill='black'/%3E%3Cpath d='M45.6208 27.043H24.3477V29.7383H44.9857C45.2557 28.8628 45.4566 27.9595 45.6208 27.043V27.043Z' fill='black'/%3E%3Cpath d='M24.3477 35.1289H42.4905C43.0319 34.266 43.5192 33.3683 43.9438 32.4336H24.3477V35.1289Z' fill='black'/%3E%3C/svg%3E%0A", + "logoProfileAltText": "Contrast", + "logoProfileCollapsed": "data:image/svg+xml,%0A%3Csvg width='46' height='46' viewBox='0 0 46 46' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M24.3477 13.5664H43.9438C43.5192 12.6317 43.0319 11.734 42.4905 10.8711H24.3477V13.5664Z' fill='black'/%3E%3Cpath d='M24.3477 8.17578H40.5261C39.6996 7.2052 38.7974 6.30182 37.8224 5.48047H24.3477V8.17578Z' fill='black'/%3E%3Cpath d='M24.3477 40.5195H37.8224C38.7975 39.6982 39.6996 38.7948 40.5261 37.8242H24.3477V40.5195Z' fill='black'/%3E%3Cpath d='M24.3477 2.78516H33.8482C31.0136 1.27039 27.7313 0.198195 24.3477 0V2.78516Z' fill='black'/%3E%3Cpath d='M24.3477 18.957H45.6208C45.4566 18.0405 45.2557 17.1372 44.9856 16.2617H24.3477V18.957Z' fill='black'/%3E%3Cpath d='M24.3477 21.6523V24.3477H45.9317C45.958 23.8992 46 23.4549 46 23C46 22.5451 45.958 22.1008 45.9317 21.6523H24.3477Z' fill='black'/%3E%3Cpath d='M0 23C0 35.1781 9.64778 45.2964 21.6523 46V0C9.64778 0.703566 0 10.8219 0 23Z' fill='black'/%3E%3Cpath d='M24.3477 46C27.7313 45.8018 31.0136 44.7296 33.8482 43.2148H24.3477V46Z' fill='black'/%3E%3Cpath d='M45.6208 27.043H24.3477V29.7383H44.9857C45.2557 28.8628 45.4566 27.9595 45.6208 27.043V27.043Z' fill='black'/%3E%3Cpath d='M24.3477 35.1289H42.4905C43.0319 34.266 43.5192 33.3683 43.9438 32.4336H24.3477V35.1289Z' fill='black'/%3E%3C/svg%3E%0A", + "logoProfileCollapsedAltText": "", + "logoProfileCollapsedHeight": "22", + "logoProfileHeight": "22", + "name": "Contrast", + "pageTitle": "#23282e", + "primaryColor": "#000000", + "primaryOffColor": "#000000", + "profileBackgroundColor": "#FFFFFF", + "profileMenuHighlightColor": "#FFFFFF", + "profileMenuHoverColor": "#FFFFFF", + "profileMenuHoverTextColor": "#000000", + "profileMenuTextHighlightColor": "#455469", + "secondaryColor": "#69788b", + "textColor": "#ffffff", + }, + }, +} +`; - /* - logger.error(scriptName + ' results:') - logger.error('Values: ' + userInfoClaims.getValues()) - logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) - */ +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Highlander.theme.json 1`] = ` +{ + "meta": Any, + "theme": { + "00203891-dde0-4114-b27a-219ae0b43a61": { + "_id": "00203891-dde0-4114-b27a-219ae0b43a61", + "accountFooter": " +", + "accountFooterEnabled": true, + "accountPageSections": { + "accountControls": { + "enabled": false, + }, + "accountSecurity": { + "enabled": true, + "subsections": { + "password": { + "enabled": true, + }, + "securityQuestions": { + "enabled": false, + }, + "twoStepVerification": { + "enabled": true, + }, + "username": { + "enabled": true, + }, + }, + }, + "consent": { + "enabled": false, + }, + "oauthApplications": { + "enabled": false, + }, + "personalInformation": { + "enabled": true, + }, + "preferences": { + "enabled": false, + }, + "social": { + "enabled": false, + }, + "trustedDevices": { + "enabled": true, + }, + }, + "backgroundColor": "#FFFFFF", + "backgroundImage": "", + "bodyText": "#5E6D82", + "buttonRounded": "50", + "dangerColor": "#f7685b", + "favicon": "", + "isDefault": false, + "journeyFooter": " - return userInfoClaims; -}()); ", + "journeyFooterEnabled": true, + "journeyHeader": "
+ +
+", + "journeyHeaderEnabled": true, + "journeyJustifiedContent": "", + "journeyJustifiedContentEnabled": false, + "journeyLayout": "card", + "journeyTheaterMode": false, + "linkActiveColor": "#C60819", + "linkColor": "#EB0A1E", + "linkedTrees": [], + "logo": "", + "logoAltText": "", + "logoEnabled": true, + "logoHeight": "40", + "logoProfile": "https://cdn.forgerock.com/platform/themes/highlander/logo-highlander-full.svg", + "logoProfileAltText": "Highlander", + "logoProfileCollapsed": "https://cdn.forgerock.com/platform/themes/highlander/logo-highlander-icon.svg", + "logoProfileCollapsedAltText": "Highlander", + "logoProfileCollapsedHeight": "28", + "logoProfileHeight": "28", + "name": "Highlander", + "pageTitle": "#23282e", + "primaryColor": "#EB0A1E", + "primaryOffColor": "#C60819", + "profileBackgroundColor": "#FFFFFF", + "profileMenuHighlightColor": "#FFFFFF", + "profileMenuHoverColor": "#FFFFFF", + "profileMenuHoverTextColor": "#455469", + "profileMenuTextHighlightColor": "#EB0A1E", + "secondaryColor": "#69788b", + "textColor": "#ffffff", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Robroy.theme.json 1`] = ` +{ + "meta": Any, + "theme": { + "b82755e8-fe9a-4d27-b66b-45e37ae12345": { + "_id": "b82755e8-fe9a-4d27-b66b-45e37ae12345", + "accountFooter": " +", + "accountFooterEnabled": true, + "accountPageSections": { + "accountControls": { + "enabled": false, + }, + "accountSecurity": { + "enabled": true, + "subsections": { + "password": { + "enabled": true, + }, + "securityQuestions": { + "enabled": false, + }, + "twoStepVerification": { + "enabled": true, + }, + "username": { + "enabled": true, + }, + }, + }, + "consent": { + "enabled": false, + }, + "oauthApplications": { + "enabled": false, + }, + "personalInformation": { + "enabled": true, + }, + "preferences": { + "enabled": false, + }, + "social": { + "enabled": false, + }, + "trustedDevices": { + "enabled": true, + }, + }, + "backgroundColor": "#FFFFFF", + "backgroundImage": "", + "bodyText": "#5E6D82", + "buttonRounded": "50", + "dangerColor": "#f7685b", + "favicon": "", + "isDefault": false, + "journeyFooter": " +", + "journeyFooterEnabled": true, + "journeyHeader": "
+ +
+", + "journeyHeaderEnabled": true, + "journeyJustifiedContent": "", + "journeyJustifiedContentEnabled": true, + "journeyLayout": "justified-right", + "journeyTheaterMode": false, + "linkActiveColor": "#49871E", + "linkColor": "#5AA625", + "linkedTrees": [], + "logo": "", + "logoAltText": "", + "logoEnabled": true, + "logoHeight": "40", + "logoProfile": "data:image/svg+xml,%0A%3Csvg width='156' height='34' viewBox='0 0 156 34' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cg clip-path='url(%23clip0)'%3E%3Cpath d='M32.5539 32.5538C32.5539 32.5538 17.0796 35.6024 7.23861 25.7614C-2.60242 15.9204 0.446148 0.446137 0.446148 0.446137C0.446148 0.446137 15.9204 -2.60243 25.7614 7.23866C35.6024 17.0797 32.5539 32.5538 32.5539 32.5538Z' fill='%23C3EA21'/%3E%3Cpath d='M32.5537 32.554C32.5537 32.554 17.0795 35.6026 7.23845 25.7615C-2.60257 15.9205 0.445995 0.446289 0.445995 0.446289L32.5537 32.554Z' fill='%238ADB53'/%3E%3C/g%3E%3Cpath d='M51.053 25.38L53.186 25.11V8.964L51.161 8.586V6.939H55.076C55.418 6.939 55.796 6.93 56.21 6.912C56.624 6.894 56.939 6.876 57.155 6.858C58.091 6.786 58.865 6.75 59.477 6.75C61.331 6.75 62.816 6.939 63.932 7.317C65.048 7.695 65.858 8.271 66.362 9.045C66.866 9.819 67.118 10.836 67.118 12.096C67.118 13.338 66.785 14.49 66.119 15.552C65.453 16.614 64.49 17.343 63.23 17.739C63.95 18.045 64.589 18.603 65.147 19.413C65.705 20.223 66.299 21.276 66.929 22.572C67.379 23.454 67.721 24.093 67.955 24.489C68.207 24.867 68.45 25.083 68.684 25.137L69.575 25.407V27H64.985C64.697 27 64.391 26.712 64.067 26.136C63.761 25.542 63.356 24.615 62.852 23.355C62.258 21.879 61.745 20.727 61.313 19.899C60.881 19.071 60.422 18.558 59.936 18.36H57.155V25.11L59.639 25.38V27H51.053V25.38ZM59.639 16.713C60.665 16.713 61.466 16.344 62.042 15.606C62.618 14.868 62.906 13.761 62.906 12.285C62.906 10.971 62.618 9.999 62.042 9.369C61.484 8.739 60.512 8.424 59.126 8.424C58.622 8.424 58.19 8.451 57.83 8.505C57.488 8.541 57.263 8.559 57.155 8.559V16.659C57.371 16.695 57.893 16.713 58.721 16.713H59.639ZM70.674 19.521C70.674 17.829 71.007 16.389 71.673 15.201C72.357 14.013 73.266 13.122 74.4 12.528C75.534 11.916 76.767 11.61 78.099 11.61C80.367 11.61 82.113 12.312 83.337 13.716C84.579 15.102 85.2 16.992 85.2 19.386C85.2 21.096 84.858 22.554 84.174 23.76C83.508 24.948 82.608 25.839 81.474 26.433C80.358 27.009 79.125 27.297 77.775 27.297C75.525 27.297 73.779 26.604 72.537 25.218C71.295 23.814 70.674 21.915 70.674 19.521ZM77.991 25.542C80.025 25.542 81.042 23.58 81.042 19.656C81.042 17.604 80.799 16.047 80.313 14.985C79.827 13.905 79.035 13.365 77.937 13.365C75.849 13.365 74.805 15.327 74.805 19.251C74.805 21.303 75.057 22.869 75.561 23.949C76.083 25.011 76.893 25.542 77.991 25.542ZM86.4395 5.454L91.3805 4.86H91.4345L92.1905 5.373V13.338C92.6765 12.852 93.2705 12.447 93.9725 12.123C94.6925 11.781 95.4665 11.61 96.2945 11.61C98.0225 11.61 99.4265 12.222 100.506 13.446C101.604 14.652 102.153 16.506 102.153 19.008C102.153 20.556 101.829 21.96 101.181 23.22C100.533 24.48 99.5975 25.479 98.3735 26.217C97.1675 26.937 95.7635 27.297 94.1615 27.297C92.7395 27.297 91.5065 27.18 90.4625 26.946C89.4185 26.694 88.7525 26.469 88.4645 26.271V7.182L86.4395 6.858V5.454ZM94.8635 13.986C94.3235 13.986 93.8105 14.112 93.3245 14.364C92.8565 14.598 92.4785 14.868 92.1905 15.174V25.029C92.2985 25.227 92.5505 25.389 92.9465 25.515C93.3425 25.641 93.7925 25.704 94.2965 25.704C95.4485 25.704 96.3665 25.173 97.0505 24.111C97.7525 23.031 98.1035 21.438 98.1035 19.332C98.1035 17.514 97.8065 16.173 97.2125 15.309C96.6185 14.427 95.8355 13.986 94.8635 13.986Z' fill='black'/%3E%3Cpath d='M104.183 25.38L106.316 25.11V8.964L104.291 8.586V6.939H108.206C108.548 6.939 108.926 6.93 109.34 6.912C109.754 6.894 110.069 6.876 110.285 6.858C111.221 6.786 111.995 6.75 112.607 6.75C114.461 6.75 115.946 6.939 117.062 7.317C118.178 7.695 118.988 8.271 119.492 9.045C119.996 9.819 120.248 10.836 120.248 12.096C120.248 13.338 119.915 14.49 119.249 15.552C118.583 16.614 117.62 17.343 116.36 17.739C117.08 18.045 117.719 18.603 118.277 19.413C118.835 20.223 119.429 21.276 120.059 22.572C120.509 23.454 120.851 24.093 121.085 24.489C121.337 24.867 121.58 25.083 121.814 25.137L122.705 25.407V27H118.115C117.827 27 117.521 26.712 117.197 26.136C116.891 25.542 116.486 24.615 115.982 23.355C115.388 21.879 114.875 20.727 114.443 19.899C114.011 19.071 113.552 18.558 113.066 18.36H110.285V25.11L112.769 25.38V27H104.183V25.38ZM112.769 16.713C113.795 16.713 114.596 16.344 115.172 15.606C115.748 14.868 116.036 13.761 116.036 12.285C116.036 10.971 115.748 9.999 115.172 9.369C114.614 8.739 113.642 8.424 112.256 8.424C111.752 8.424 111.32 8.451 110.96 8.505C110.618 8.541 110.393 8.559 110.285 8.559V16.659C110.501 16.695 111.023 16.713 111.851 16.713H112.769ZM123.804 19.521C123.804 17.829 124.137 16.389 124.803 15.201C125.487 14.013 126.396 13.122 127.53 12.528C128.664 11.916 129.897 11.61 131.229 11.61C133.497 11.61 135.243 12.312 136.467 13.716C137.709 15.102 138.33 16.992 138.33 19.386C138.33 21.096 137.988 22.554 137.304 23.76C136.638 24.948 135.738 25.839 134.604 26.433C133.488 27.009 132.255 27.297 130.905 27.297C128.655 27.297 126.909 26.604 125.667 25.218C124.425 23.814 123.804 21.915 123.804 19.521ZM131.121 25.542C133.155 25.542 134.172 23.58 134.172 19.656C134.172 17.604 133.929 16.047 133.443 14.985C132.957 13.905 132.165 13.365 131.067 13.365C128.979 13.365 127.935 15.327 127.935 19.251C127.935 21.303 128.187 22.869 128.691 23.949C129.213 25.011 130.023 25.542 131.121 25.542ZM143.187 33.723C142.863 33.723 142.512 33.696 142.134 33.642C141.774 33.588 141.513 33.525 141.351 33.453V30.564C141.477 30.636 141.729 30.708 142.107 30.78C142.485 30.852 142.827 30.888 143.133 30.888C144.033 30.888 144.771 30.591 145.347 29.997C145.941 29.403 146.49 28.404 146.994 27H145.536L140.46 13.905L139.245 13.554V11.988H146.67V13.554L144.699 13.878L147.102 21.357L148.074 24.543L148.911 21.357L151.125 13.878L149.424 13.554V11.988H155.283V13.554L153.96 13.878C152.97 16.902 151.989 19.818 151.017 22.626C150.045 25.434 149.478 27.009 149.316 27.351C148.74 28.863 148.191 30.069 147.669 30.969C147.147 31.869 146.526 32.553 145.806 33.021C145.086 33.489 144.213 33.723 143.187 33.723Z' fill='%236CBE34'/%3E%3Cdefs%3E%3CclipPath id='clip0'%3E%3Crect width='33' height='33' fill='white' transform='matrix(-1 0 0 1 33 0)'/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E%0A", + "logoProfileAltText": "RobRoy", + "logoProfileCollapsed": "data:image/svg+xml,%0A%3Csvg width='33' height='33' viewBox='0 0 33 33' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cg clip-path='url(%23clip0)'%3E%3Cpath d='M32.5539 32.5538C32.5539 32.5538 17.0796 35.6024 7.23861 25.7614C-2.60242 15.9204 0.446148 0.446137 0.446148 0.446137C0.446148 0.446137 15.9204 -2.60243 25.7614 7.23866C35.6024 17.0797 32.5539 32.5538 32.5539 32.5538Z' fill='%23C3EA21'/%3E%3Cpath d='M32.5537 32.554C32.5537 32.554 17.0795 35.6026 7.23845 25.7615C-2.60257 15.9205 0.445996 0.446289 0.445996 0.446289L32.5537 32.554Z' fill='%238ADB53'/%3E%3C/g%3E%3Cdefs%3E%3CclipPath id='clip0'%3E%3Crect width='33' height='33' fill='white' transform='matrix(-1 0 0 1 33 0)'/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E%0A", + "logoProfileCollapsedAltText": "RobRoy", + "logoProfileCollapsedHeight": "28", + "logoProfileHeight": "28", + "name": "Robroy", + "pageTitle": "#23282e", + "primaryColor": "#5AA625", + "primaryOffColor": "#49871E", + "profileBackgroundColor": "#FFFFFF", + "profileMenuHighlightColor": "#FFFFFF", + "profileMenuHoverColor": "#FFFFFF", + "profileMenuHoverTextColor": "#455469", + "profileMenuTextHighlightColor": "#5AA625", + "secondaryColor": "#69788b", + "textColor": "#ffffff", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Starter-Theme.theme.json 1`] = ` +{ + "meta": Any, + "theme": { + "86ce2f64-586d-44fe-8593-b12a85aac68d": { + "_id": "86ce2f64-586d-44fe-8593-b12a85aac68d", + "accountFooter": "
© 2021 +My Company, IncPrivacy PolicyTerms & Conditions
", + "accountFooterEnabled": false, + "accountPageSections": { + "accountControls": { + "enabled": false, + }, + "accountSecurity": { + "enabled": true, + "subsections": { + "password": { + "enabled": true, + }, + "securityQuestions": { + "enabled": false, + }, + "twoStepVerification": { + "enabled": true, + }, + "username": { + "enabled": true, + }, + }, + }, + "consent": { + "enabled": false, + }, + "oauthApplications": { + "enabled": false, + }, + "personalInformation": { + "enabled": true, + }, + "preferences": { + "enabled": false, + }, + "social": { + "enabled": false, + }, + "trustedDevices": { + "enabled": true, + }, + }, + "backgroundColor": "#324054", + "backgroundImage": "", + "bodyText": "#23282e", + "buttonRounded": 5, + "dangerColor": "#f7685b", + "favicon": "", + "isDefault": true, + "journeyFooter": "
© 2021 +My Company, IncPrivacy PolicyTerms & Conditions
", + "journeyFooterEnabled": false, + "journeyHeader": "
Header Content
", + "journeyHeaderEnabled": false, + "journeyJustifiedContent": "", + "journeyJustifiedContentEnabled": false, + "journeyLayout": "card", + "journeyTheaterMode": false, + "linkActiveColor": "#0c85cf", + "linkColor": "#109cf1", + "linkedTrees": [], + "logo": "", + "logoAltText": "", + "logoHeight": "40", + "logoProfile": "", + "logoProfileAltText": "", + "logoProfileCollapsed": "", + "logoProfileCollapsedAltText": "", + "logoProfileCollapsedHeight": "40", + "logoProfileHeight": "40", + "name": "Starter Theme", + "pageTitle": "#23282e", + "primaryColor": "#324054", + "primaryOffColor": "#242E3C", + "profileBackgroundColor": "#f6f8fa", + "profileMenuHighlightColor": "#f3f5f8", + "profileMenuHoverColor": "#324054", + "profileMenuHoverTextColor": "#ffffff", + "profileMenuTextHighlightColor": "#455469", + "secondaryColor": "#69788b", + "textColor": "#ffffff", }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Zardoz.theme.json 1`] = ` { "meta": Any, - "script": { - "449ef739-828e-42b4-92d6-0456d378671e": { - "_id": "449ef739-828e-42b4-92d6-0456d378671e", - "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Used by endUserUIClient", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Bravo endUserUIClient OAuth2 Access Token Modification Script", - "script": "(function () { - if (scopes.contains('fr:autoaccess:*') || scopes.contains('fr:iga:*') || scopes.contains('fr:idc:analytics:*')) { - var fr = JavaImporter( - com.sun.identity.idm.IdType - ); - var groups = []; - identity.getMemberships(fr.IdType.GROUP).toArray().forEach(function (group) { - groups.push(group.getAttribute('cn').toArray()[0]); - }); - accessToken.setField('groups', groups); - } -}()); + "theme": { + "4ded6d91-ceea-400a-ae3f-42209f1b0e06": { + "_id": "4ded6d91-ceea-400a-ae3f-42209f1b0e06", + "accountFooter": " +", + "accountFooterEnabled": true, + "accountPageSections": { + "accountControls": { + "enabled": false, + }, + "accountSecurity": { + "enabled": true, + "subsections": { + "password": { + "enabled": true, + }, + "securityQuestions": { + "enabled": false, + }, + "twoStepVerification": { + "enabled": true, + }, + "username": { + "enabled": true, + }, + }, + }, + "consent": { + "enabled": false, + }, + "oauthApplications": { + "enabled": false, + }, + "personalInformation": { + "enabled": true, + }, + "preferences": { + "enabled": false, + }, + "social": { + "enabled": false, + }, + "trustedDevices": { + "enabled": true, + }, + }, + "backgroundColor": "#FFFFFF", + "backgroundImage": "", + "bodyText": "#5E6D82", + "buttonRounded": "50", + "dangerColor": "#f7685b", + "favicon": "", + "isDefault": false, + "journeyFooter": " ", + "journeyFooterEnabled": true, + "journeyHeader": "
Header Content
", + "journeyHeaderEnabled": false, + "journeyJustifiedContent": "
+

Uptime & Performance Benchmarking Made Easy

+
+ +", + "journeyJustifiedContentEnabled": true, + "journeyLayout": "justified-right", + "journeyTheaterMode": true, + "linkActiveColor": "#007661", + "linkColor": "#009C80", + "linkedTrees": [], + "logo": "https://cdn.forgerock.com/platform/themes/zardoz/logo-zardoz.svg", + "logoAltText": "Zardoz Logo", + "logoEnabled": true, + "logoHeight": "47", + "logoProfile": "https://cdn.forgerock.com/platform/themes/zardoz/logo-zardoz.svg", + "logoProfileAltText": "Zardaz Logo", + "logoProfileCollapsed": "https://cdn.forgerock.com/platform/themes/zardoz/logo-zardoz.svg", + "logoProfileCollapsedAltText": "Zardaz Logo", + "logoProfileCollapsedHeight": "28", + "logoProfileHeight": "40", + "name": "Zardoz", + "pageTitle": "#23282e", + "primaryColor": "#009C80", + "primaryOffColor": "#007661", + "profileBackgroundColor": "#FFFFFF", + "profileMenuHighlightColor": "#FFFFFF", + "profileMenuHoverColor": "#FFFFFF", + "profileMenuHoverTextColor": "#455469", + "profileMenuTextHighlightColor": "#009C80", + "secondaryColor": "#69788b", + "textColor": "#ffffff", }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Bravo-endUserUIClient-OIDC-Claims-Script.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate 1`] = `""`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/agent/AgentService.agent.json 1`] = ` { + "agent": { + "AgentService": { + "_id": "AgentService", + "_type": { + "_id": "AgentService", + "collection": false, + "name": "AgentService", + }, + }, + }, "meta": Any, - "script": { - "d3ced49b-50cd-4ee9-bd8b-33a46f367fb1": { - "_id": "d3ced49b-50cd-4ee9-bd8b-33a46f367fb1", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Used by endUserUIClient", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Bravo endUserUIClient OIDC Claims Script", - "script": "/* - * Copyright 2014-2021 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. - * The claim values are computed for: - * the claims derived from the requested scopes, - * the claims provided by the authorization server, - * and the claims requested by the client via the claims parameter. - * - * In the CONFIGURATION AND CUSTOMIZATION section, you can - * define the scope-to-claims mapping, and - * assign to each claim a resolver function that will compute the claim value. - * - * Defined variables (class references are provided below): - * scopes - Set (6). - * Always present, the requested scopes. - * claims - Map (5). - * Always present, default server provided claims. - * claimObjects - List (7, 2). - * Always present, the default server provided claims. - * requestedClaims - Map> (5). - * Always present, not empty if the request contains the claims parameter and the server has enabled - * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; - * requested claims with no requested values will have a key but no value in the map. A key with - * a single value in its Set (6) indicates that this is the only value that should be returned. - * requestedTypedClaims - List (7, 2). - * Always present, the requested claims. - * Requested claims with no requested values will have a claim with no values. - * A claim with a single value indicates this is the only value that should be returned. - * claimsLocales - List (7). - * The values from the 'claims_locales' parameter. - * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. - * requestProperties - Unmodifiable Map (5). - * Always present, contains a map of request properties: - * requestUri - The request URI. - * realm - The realm that the request relates to. - * requestParams - A map of the request params and/or posted data. - * Each value is a list of one or more properties. - * Please note that these should be handled in accordance with OWASP best practices: - * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. - * clientProperties - Unmodifiable Map (5). - * Present if the client specified in the request was identified, contains a map of client properties: - * clientId - The client's URI for the request locale. - * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. - * allowedResponseTypes - List of the allowed response types for the client. - * allowedScopes - List of the allowed scopes for the client. - * customProperties - A map of the custom properties of the client. - * Lists or maps will be included as sub-maps; for example: - * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. - * To add custom properties to a client, update the Custom Properties field - * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. - * identity - AMIdentity (3). - * Always present, the identity of the resource owner. - * session - SSOToken (4). - * Present if the request contains the session cookie, the user's session object. - * scriptName - String (primitive). - * Always present, the display name of the script. - * logger - Always present, the "OAuth2Provider" debug logger instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. - * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. - * httpClient - HTTP Client (8). - * Always present, the HTTP Client instance: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. - * In order to use the client, you may need to add - * org.forgerock.http.Client, - * org.forgerock.http.protocol.*, - * and org.forgerock.util.promise.PromiseImpl - * to the allowed Java classes in the scripting engine configuration, as described in: - * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html - * - * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. - * The result of the last statement in the script is returned to the server. - * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) - * is the last (and only) statement in this script, and its return value will become the script result. - * Do not use "return variable" statement outside of a function definition. - * See RESULTS section for additional details. - * - * Class reference: - * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. - * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). - * An instance of org.forgerock.openidconnect.Claim has methods to access - * the claim name, requested values, locale, and whether the claim is essential. - * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. - * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. - * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, - * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. - * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. - * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. - * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. -*/ +} +`; -(function () { - // SETUP +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authentication/global.authentication.settings.json 1`] = ` +{ + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "authenticators": [ + "com.sun.identity.authentication.modules.ad.AD", + "org.forgerock.openam.authentication.modules.saml2.SAML2", + "org.forgerock.openam.authentication.modules.social.SocialAuthInstagram", + "org.forgerock.openam.authentication.modules.oath.OATH", + "org.forgerock.openam.authentication.modules.social.SocialAuthVK", + "com.sun.identity.authentication.modules.membership.Membership", + "com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO", + "org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave", + "com.sun.identity.authentication.modules.federation.Federation", + "org.forgerock.openam.authentication.modules.deviceprint.DeviceIdMatch", + "com.sun.identity.authentication.modules.jdbc.JDBC", + "com.sun.identity.authentication.modules.radius.RADIUS", + "com.sun.identity.authentication.modules.anonymous.Anonymous", + "com.sun.identity.authentication.modules.cert.Cert", + "org.forgerock.openam.authentication.modules.push.registration.AuthenticatorPushRegistration", + "com.sun.identity.authentication.modules.httpbasic.HTTPBasic", + "org.forgerock.openam.authentication.modules.oidc.OpenIdConnect", + "com.sun.identity.authentication.modules.sae.SAE", + "org.forgerock.openam.authentication.modules.social.SocialAuthWeChat", + "org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookie", + "org.forgerock.openam.authentication.modules.social.SocialAuthTwitter", + "com.sun.identity.authentication.modules.ldap.LDAP", + "org.forgerock.openam.authentication.modules.push.AuthenticatorPush", + "org.forgerock.openam.authentication.modules.oauth2.OAuth", + "com.sun.identity.authentication.modules.nt.NT", + "org.forgerock.openam.authentication.modules.social.SocialAuthWeChatMobile", + "org.forgerock.openam.authentication.modules.jwtpop.JwtProofOfPossession", + "com.sun.identity.authentication.modules.application.Application", + "org.forgerock.openam.authentication.modules.scripted.Scripted", + "org.forgerock.openam.authentication.modules.social.SocialAuthOAuth2", + "com.sun.identity.authentication.modules.hotp.HOTP", + "org.forgerock.openam.authentication.modules.adaptive.Adaptive", + "org.forgerock.openam.authentication.modules.accountactivecheck.AccountActiveCheck", + "org.forgerock.openam.authentication.modules.social.SocialAuthOpenID", + "com.sun.identity.authentication.modules.msisdn.MSISDN", + "org.forgerock.openam.authentication.modules.fr.oath.AuthenticatorOATH", + "com.sun.identity.authentication.modules.datastore.DataStore", + "com.sun.identity.authentication.modules.securid.SecurID", + "org.forgerock.openam.authentication.modules.amster.Amster", + ], + "defaults": { + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "[Empty]", + "orgConfig": "[Empty]", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "keepPostProcessInstances": false, + "ldapConnectionPoolDefaultSize": "1:10", + "ldapConnectionPoolSize": [], + "remoteAuthSecurityEnabled": false, + }, + "meta": Any, +} +`; - /** - * Claim processing utilities. - * An object that contains reusable functions for processing claims. - * @see CLAIM PROCESSING UTILITIES section for details. - */ - var utils = getUtils(); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationChains/EMPTY.authenticationChains.json 1`] = ` +{ + "authenticationChains": { + "EMPTY": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Authentication Configuration", + }, + "dynamic": { + "authChainConfiguration": "[Empty]", + }, + }, + }, + "meta": Any, +} +`; - // CONFIGURATION AND CUSTOMIZATION +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/accountactivecheck.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "accountactivecheck": { + "_id": "accountactivecheck", + "_type": { + "_id": "accountactivecheck", + "collection": false, + "name": "Account Active Check", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + }, + "meta": Any, +} +`; - /** - * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a scope value to an array of claim names - * to specify which claims need to be processed and returned for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} - * for the scope values that could be used to request claims as defined in the OIDC specification. - * - * Below, find a default configuration that is expected to work in the current environment. - * - * CUSTOMIZATION - * You can choose the claim names returned for a scope. - */ - utils.setScopeClaimsMap({ - profile: [ - 'name', - 'family_name', - 'given_name', - 'zoneinfo', - 'locale' +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/activedirectory.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "activedirectory": { + "_id": "activedirectory", + "_type": { + "_id": "activedirectory", + "collection": false, + "name": "Active Directory", + }, + "defaults": { + "authenticationLevel": 0, + "connectionHeartbeatInterval": 1, + "connectionHeartbeatTimeUnit": "MINUTES", + "openam-auth-ldap-connection-mode": "LDAP", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", ], - email: ['email'], - address: ['address'], - phone: ['phone_number'] - }); - - /** - * In this script, each claim - * derived from the requested scopes, - * provided by the authorization server, and - * requested by the client via the claims parameter - * will be processed by a function associated with the claim name. - * - * Call this configuration method, and pass in as the first argument - * an object that maps a claim name to a resolver function, - * which will be automatically executed for each claim processed by the script. - * - * The claim resolver function will receive the requested claim information - * in an instance of org.forgerock.openidconnect.Claim as the first argument. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} - * for details on the Claim class. - * - * If the claim resolver function returns a value, - * other than undefined or null, - * the claim will be included in the script's results. - * - * The Claim instance provides methods to check - * what the name of the claim is, - * which values the claim request contains, - * whether the claim is essential, and - * which locale the claim is associated with. - * The resolver function can consider this information when computing and returning the claim value. - * - * Below, find a default configuration that is expected to work in the current environment. - * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), - * is called to return a claim resolver function based on a user profile attribute. - * @see CLAIM RESOLVERS section for the implementation details and examples. - * For the address claim, an example of a claim resolver that uses another claim resolver is provided. - * - * CUSTOMIZATION - * You can reuse the predefined utils methods with your custom arguments. - * You can also specify a custom resolver function for a claim name, - * that will compute and return the claim value—as shown in the commented out example below. - */ - utils.setClaimResolvers({ - /* - // An example of a simple claim resolver function that is defined for a claim - // directly in the configuration object: - custom-claim-name: function (requestedClaim) { - // In this case, initially, the claim value comes straight from a user profile attribute value: - var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] - - // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. - // You can use: - // requestedClaim.getName() - // requestedClaim.getValues() - // requestedClaim.getLocale() - // requestedClaim.isEssential() + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + }, + }, + "meta": Any, +} +`; - return claimValue +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/adaptiverisk.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "adaptiverisk": { + "_id": "adaptiverisk", + "_type": { + "_id": "adaptiverisk", + "collection": false, + "name": "Adaptive Risk ", + }, + "defaults": { + "attributecheck": { + "invertProfileRiskAttributeScore": false, + "profileRiskAttributeCheckEnabled": false, + "profileRiskAttributeScore": 1, }, - */ - /** - * The use of utils.getUserProfileClaimResolver shows how - * an argument passed to a function that returns a claim resolver - * becomes available to the resolver function (via its lexical context). - */ - name: utils.getUserProfileClaimResolver('cn'), - family_name: utils.getUserProfileClaimResolver('sn'), - given_name: utils.getUserProfileClaimResolver('givenname'), - zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), - locale: utils.getUserProfileClaimResolver('preferredlocale'), - email: utils.getUserProfileClaimResolver('mail'), - address: utils.getAddressClaimResolver( - /** - * The passed in user profile claim resolver function - * can be used by the address claim resolver function - * to obtain the claim value to be formatted as per the OIDC specification: - * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. - */ - utils.getUserProfileClaimResolver('postaladdress') - ), - phone_number: utils.getUserProfileClaimResolver('telephonenumber') - }); - - // CLAIM PROCESSING UTILITIES - - /** - * @returns {object} An object that contains reusable claim processing utilities. - * @see PUBLIC METHODS section and the return statement for the list of exported functions. - */ - function getUtils () { - // IMPORT JAVA - - /** - * Provides Java scripting functionality. - * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. - */ - var frJava = JavaImporter( - org.forgerock.oauth2.core.exceptions.InvalidRequestException, - org.forgerock.oauth2.core.UserInfoClaims, - org.forgerock.openidconnect.Claim, - - java.util.LinkedHashMap, - java.util.ArrayList - ); - - // SET UP CONFIGURATION - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported scope values (scopes) - * and the corresponding claim names for each scope value. - */ - var scopeClaimsMap; - - /** - * Placeholder for a configuration option that contains - * an object that maps the supported claim names - * and the resolver functions returning the claim value. - */ - var claimResolvers; - - /** - * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, - * and assigns it to a (private) variable that serves as a configuration option. - * @param {object} params - An object that maps each supported scope value to an array of claim names, - * in order to specify which claims need to be processed for the requested scopes. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. - * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. - * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. - * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. - * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. - * @returns {undefined} - */ - function setScopeClaimsMap(params) { - scopeClaimsMap = params; - } - - /** - * A (public) method that accepts an object that maps the supported claim names - * and the resolver functions returning the claim value, - * and assigns it to a (private) variable that serves as a configuration option. - * @param {object} params - An object that maps - * each supported claim name to a function that computes and returns the claim value. - */ - function setClaimResolvers(params) { - claimResolvers = params; - } - - // CLAIM RESOLVERS - - /** - * Claim resolvers are functions that return a claim value. - * @param {*} - * @returns {*} - */ - - /** - * Defines a claim resolver based on a user profile attribute. - * @param {string} attributeName - Name of the user profile attribute. - * @returns {function} A function that will determine the claim value - * based on the user profile attribute and the (requested) claim properties. - */ - function getUserProfileClaimResolver (attributeName) { - /** - * Resolves a claim with a user profile attribute value. - * Returns undefined if the identity attribute is not populated, - * OR if the claim has requested values that do not contain the identity attribute value. - * ATTENTION: the aforementioned comparison is case-sensitive. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {string|HashSet|undefined} - */ - function resolveClaim(claim) { - var userProfileValue; - - if (identity) { - userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); - - if (userProfileValue && !userProfileValue.isEmpty()) { - if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { - return userProfileValue; - } - } - } - } - - return resolveClaim; - } - - /** - * Returns an address claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. - * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional formatting to the value before returning it. - */ - function getAddressClaimResolver (resolveClaim) { - /** - * Creates an address claim object from a value returned by a claim resolver, - * and returns the address claim object as the claim value. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. - * The claim value is obtained with a claim resolving function available from the closure. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. - */ - function resolveAddressClaim(claim) { - var claimValue = resolveClaim(claim); - var addressObject; - - if (isClaimValueValid(claimValue)) { - addressObject = new frJava.LinkedHashMap(); - - addressObject.put('formatted', claimValue); - - return addressObject; - } - } - - return resolveAddressClaim; - } - - /** - * Returns an essential claim resolver based on a claim value obtained with another claim resolver. - * @param {function} resolveClaim - A function that returns a claim value. - * @returns {function} A function that will accept a claim as an argument, - * run the claim resolver function for the claim and obtain the claim value, - * and apply additional logic for essential claims. - */ - function getEssentialClaimResolver (resolveClaim) { - /** - * Returns a claim value or throws an error. - * The claim value is obtained with a claim resolving function available from the closure. - * Throws an exception if the claim is essential and no value is returned for the claim. - * - * Use of this resolver is optional. - * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: - * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, - * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, - * unless otherwise specified in the description of the specific claim." - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - */ - function resolveEssentialClaim(claim) { - var claimValue = resolveClaim(claim); + "authfailed": { + "failedAuthenticationCheckEnabled": false, + "failureScore": 1, + "invertFailureScore": false, + }, + "devicecookie": { + "deviceCookieCheckEnabled": false, + "deviceCookieName": "Device", + "deviceCookieScore": 1, + "invertDeviceCookieScore": false, + "saveDeviceCookieValueOnSuccessfulLogin": false, + }, + "general": { + "authenticationLevel": 0, + "riskThreshold": 1, + }, + "geolocation": { + "geolocationCheckEnabled": false, + "geolocationScore": 1, + "invertGeolocationScore": false, + }, + "iphistory": { + "invertIPHistoryScore": false, + "ipHistoryCheckEnabled": false, + "ipHistoryCount": 5, + "ipHistoryProfileAttribute": "iphistory", + "ipHistoryScore": 1, + "saveSuccessfulIP": false, + }, + "iprange": { + "invertIPRangeScoreEnabled": false, + "ipRange": [ + "10.0.0.0/24", + ], + "ipRangeCheckEnabled": false, + "ipRangeScore": 1, + }, + "knowncookie": { + "createKnownCookieOnSuccessfulLogin": false, + "invertKnownCookieScore": false, + "knownCookieCheckEnabled": false, + "knownCookieScore": 1, + }, + "lastlogin": { + "invertTimeSinceLastLoginScore": false, + "saveLastLoginTimeOnSuccessfulLogin": false, + "timeSinceLastLoginCheckEnabled": false, + "timeSinceLastLoginScore": 1, + }, + "requestheader": { + "invertRequestHeaderScore": false, + "requestHeaderCheckEnabled": false, + "requestHeaderScore": 1, + }, + }, + }, + }, + "meta": Any, +} +`; - if (claim.isEssential() && !isClaimValueValid(claimValue)) { - throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/amster.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": false, + "name": "ForgeRock Amster", + }, + "defaults": { + "authenticationLevel": 0, + "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", + "enabled": true, + }, + }, + }, + "meta": Any, +} +`; - return claimValue; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/anonymous.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "anonymous": { + "_id": "anonymous", + "_type": { + "_id": "anonymous", + "collection": false, + "name": "Anonymous", + }, + "defaults": { + "authenticationLevel": 0, + "caseSensitiveUsernameMatchingEnabled": false, + "defaultAnonymousUsername": "anonymous", + "validAnonymousUsers": [], + }, + }, + }, + "meta": Any, +} +`; - return resolveEssentialClaim; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authJwtPoP.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authJwtPoP": { + "_id": "authJwtPoP", + "_type": { + "_id": "authJwtPoP", + "collection": false, + "name": "JWT Proof of Possession (PoP)", + }, + "defaults": { + "authenticationLevel": 0, + "enableTlsSessionBinding": true, + "responseEncryptionCipher": "A128GCM", + "responseEncryptionMethod": "ECDHE", + }, + }, + }, + "meta": Any, +} +`; - /** - * Provides default resolution for a claim. - * Use it if a claim-specific resolver is not defined in the configuration. - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} A single value associated with this claim. - */ - function resolveAnyClaim (claim) { - if (claim.getValues().size() === 1) { - return claim.getValues().toArray()[0]; - } - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authPush.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authPush": { + "_id": "authPush", + "_type": { + "_id": "authPush", + "collection": false, + "name": "ForgeRock Authenticator (Push)", + }, + "defaults": { + "authenticationLevel": 0, + "pushMessage": "Login attempt from {{user}} at {{issuer}}", + "timeoutInMilliSecconds": 120000, + }, + }, + }, + "meta": Any, +} +`; - // UTILITIES +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authPushReg.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authPushReg": { + "_id": "authPushReg", + "_type": { + "_id": "authPushReg", + "collection": false, + "name": "ForgeRock Authenticator (Push) Registration", + }, + "defaults": { + "appleLink": "https://itunes.apple.com/app/forgerock-authenticator/id1038442926", + "authenticationLevel": 0, + "bgcolour": "#519387", + "googleLink": "https://play.google.com/store/apps/details?id=com.forgerock.authenticator", + "issuer": "ForgeRock", + "timeoutInMilliSecconds": 120000, + }, + }, + }, + "meta": Any, +} +`; - /** - * Returns claim value from a set. - * If the set contains a single value, returns the value. - * If the set contains multiple values, returns the set. - * Otherwise, returns undefined. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @param {java.util.HashSet} set The set—for example, a user profile attribute value. - * @returns {string|java.util.HashSet|undefined} - */ - function getClaimValueFromSet (claim, set) { - if (set && set.size()) { - if (set.size() === 1) { - return set.toArray()[0]; - } else { - return set; - } - } else if (logger.warningEnabled()) { - logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); - } - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSaml.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSaml": { + "_id": "authSaml", + "_type": { + "_id": "authSaml", + "collection": false, + "name": "SAML2", + }, + "defaults": { + "allowCreate": "true", + "authComparison": "exact", + "authenticationLevel": 0, + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "entityName": "http://", + "forceAuthn": "false", + "isPassive": "false", + "metaAlias": "/sp", + "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "reqBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "sloEnabled": "false", + "sloRelay": "http://", + }, + }, + }, + "meta": Any, +} +`; - function isClaimValueValid (claimValue) { - if (typeof claimValue === 'undefined' || claimValue === null) { - return false; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialInstagram.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSocialInstagram": { + "_id": "authSocialInstagram", + "_type": { + "_id": "authSocialInstagram", + "collection": false, + "name": "Social Auth Instagram", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|instagram-", + "accountMapperConfiguration": [ + "id=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "id=uid", + "full_name=sn", + "username=cn", + "username=givenName", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|instagram-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "authorizeEndpoint": "https://api.instagram.com/oauth/authorize", + "logoutBehaviour": "prompt", + "logoutServiceUrl": "https://instagram.com/accounts/logout", + "provider": "Instagram", + "scope": [ + "basic", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "id", + "tokenEndpoint": "https://api.instagram.com/oauth/access_token", + "userInfoEndpoint": "https://api.instagram.com/v1/users/self", + "usesBasicAuth": false, + }, + }, + }, + }, + "meta": Any, +} +`; - return true; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialOAuth2.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSocialOAuth2": { + "_id": "authSocialOAuth2", + "_type": { + "_id": "authSocialOAuth2", + "collection": false, + "name": "Social Auth OAuth2", + }, + "defaults": { + "accountProvisioning": { + "accountMapperConfiguration": [], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [], + "attributeMappingClasses": [], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "logoutBehaviour": "prompt", + "mixUpMitigation": false, + "scope": [], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "usesBasicAuth": true, + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + }, + "meta": Any, +} +`; - // CLAIM PROCESSING +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialOpenID.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSocialOpenID": { + "_id": "authSocialOpenID", + "_type": { + "_id": "authSocialOpenID", + "collection": false, + "name": "Social Auth OpenID", + }, + "defaults": { + "accountProvisioning": { + "accountMapperConfiguration": [], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [], + "attributeMappingClasses": [], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "logoutBehaviour": "prompt", + "mixUpMitigation": false, + "scope": [ + "openid", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "usesBasicAuth": true, + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + }, + "meta": Any, +} +`; - /** - * Constructs and returns an object populated with the computed claim values - * and the requested scopes mapped to the claim names. - * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * @see RESULTS section for the use of this function. - */ - function getUserInfoClaims () { - return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialTwitter.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSocialTwitter": { + "_id": "authSocialTwitter", + "_type": { + "_id": "authSocialTwitter", + "collection": false, + "name": "Social Auth Twitter", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|twitter-", + "accountMapperConfiguration": [ + "id_str=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "full_name=sn", + "username=cn", + "id_str=uid", + "username=givenName", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|twitter-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "authorizeEndpoint": "https://api.twitter.com/oauth/authenticate", + "provider": "Twitter", + "requestTokenEndpoint": "https://api.twitter.com/oauth/request_token", + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "id_str", + "tokenEndpoint": "https://api.twitter.com/oauth/access_token", + "userInfoEndpoint": "https://api.twitter.com/1.1/account/verify_credentials.json", + "usesBasicAuth": false, + }, + }, + }, + }, + "meta": Any, +} +`; - /** - * Creates a map of (requested) claim names populated with the computed claim values. - * @returns {java.util.LinkedHashMap} - * A map of the requested claim names and the corresponding claim values. - */ - function getComputedClaims () { - /** - * Creates a complete list of claim objects from: - * the claims derived from the scopes, - * the claims provided by the authorization server, - * and the claims requested by the client. - * @returns {java.util.ArrayList} - * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function getClaims() { - /** - * Returns a list of claim objects for the requested scopes. - * Uses the scopeClaimsMap configuration option to derive the claim names; - * no other properties of a claim derived from a scope are populated. - * @returns {java.util.ArrayList} - * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. - */ - function convertScopeToClaims() { - var claims = new frJava.ArrayList(); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialVk.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSocialVk": { + "_id": "authSocialVk", + "_type": { + "_id": "authSocialVk", + "collection": false, + "name": "Social Auth VKontakte", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|vkontakte-", + "accountMapperConfiguration": [ + "id=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "first_name=givenName", + "first_name=cn", + "id=uid", + "last_name=sn", + "email=mail", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|vkontakte-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "apiVersion": "5.73", + "authorizeEndpoint": "https://oauth.vk.com/authorize", + "forgerock-am-auth-socialauthvk-auth-level": 0, + "provider": "VKontakte", + "scope": [ + "email", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "id", + "tokenEndpoint": "https://oauth.vk.com/access_token", + "userInfoEndpoint": "https://api.vk.com/method/users.get", + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + }, + "meta": Any, +} +`; - scopes.toArray().forEach(function (scope) { - if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - claims.add(new frJava.Claim(claimName)); - }); - } - }); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialWeChat.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSocialWeChat": { + "_id": "authSocialWeChat", + "_type": { + "_id": "authSocialWeChat", + "collection": false, + "name": "Social Auth WeChat", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|wechat-", + "accountMapperConfiguration": [ + "openid=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "nickname=givenName", + "openid=uid", + "nickname=cn", + "nickname=sn", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|wechat-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "authorizeEndpoint": "https://open.weixin.qq.com/connect/qrconnect", + "provider": "WeChat", + "scope": [ + "snsapi_login", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "openid", + "tokenEndpoint": "https://api.wechat.com/sns/oauth2/access_token", + "userInfoEndpoint": "https://api.wechat.com/sns/userinfo", + "usesBasicAuth": false, + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + }, + "meta": Any, +} +`; - return claims; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialWeChatMobile.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authSocialWeChatMobile": { + "_id": "authSocialWeChatMobile", + "_type": { + "_id": "authSocialWeChatMobile", + "collection": false, + "name": "Social Auth WeChat Mobile", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|wechat-", + "accountMapperConfiguration": [ + "openid=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "nickname=givenName", + "openid=uid", + "nickname=cn", + "nickname=sn", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|wechat-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "provider": "WeChat", + "scope": [ + "snsapi_userinfo", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "openid", + "userInfoEndpoint": "https://api.wechat.com/sns/userinfo", + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + }, + "meta": Any, +} +`; - var claims = new frJava.ArrayList(); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authenticatoroath.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "authenticatoroath": { + "_id": "authenticatoroath", + "_type": { + "_id": "authenticatoroath", + "collection": false, + "name": "ForgeRock Authenticator (OATH)", + }, + "defaults": { + "addChecksumToOtpEnabled": "False", + "authenticationLevel": 0, + "frOathOtpMaxRetry": 3, + "hotpWindowSize": 100, + "minimumSecretKeyLength": 32, + "oathAlgorithm": "HOTP", + "passwordLength": "6", + "totpMaximumClockDrift": 5, + "totpTimeStepInterval": 30, + "totpTimeStepsInWindow": 2, + "truncationOffset": -1, + }, + }, + }, + "meta": Any, +} +`; - claims.addAll(convertScopeToClaims()); - claims.addAll(claimObjects); - claims.addAll(requestedTypedClaims); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/certificate.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "certificate": { + "_id": "certificate", + "_type": { + "_id": "certificate", + "collection": false, + "name": "Certificate", + }, + "defaults": { + "authenticationLevel": 0, + "cacheCRLsInMemory": true, + "certificateAttributeProfileMappingExtension": "none", + "certificateAttributeToProfileMapping": "subject CN", + "certificateLdapServers": [ + "localhost:50636", + ], + "crlMatchingCertificateAttribute": "CN", + "iplanet-am-auth-cert-gw-cert-preferred": false, + "ldapCertificateAttribute": "CN", + "ldapSearchStartDN": [], + "matchCACertificateToCRL": false, + "matchCertificateInLdap": false, + "matchCertificateToCRL": false, + "ocspValidationEnabled": false, + "sslEnabled": false, + "trustedRemoteHosts": [ + "none", + ], + "updateCRLsFromDistributionPoint": true, + "userBindDN": "cn=Directory Manager", + }, + }, + }, + "meta": Any, +} +`; - return claims; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/datastore.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": false, + "name": "Data Store", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + }, + "meta": Any, +} +`; - /** - * Computes and returns a claim value. - * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. - * @see claimResolvers - * If no resolver function is found, uses the default claim resolver function. - * - * @param {org.forgerock.openidconnect.Claim} claim - * An object that provides methods to obtain information/requirements associated with a claim. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. - * @returns {*} Claim value. - * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} - * Rethrows this exception if a claim resolver throws it. - * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver - * if you want to terminate the claim processing. - */ - function computeClaim(claim) { - var resolveClaim; - var message; +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/deviceidmatch.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "deviceidmatch": { + "_id": "deviceidmatch", + "_type": { + "_id": "deviceidmatch", + "collection": false, + "name": "Device Id (Match)", + }, + "defaults": { + "authenticationLevel": 0, + "clientScript": "157298c0-7d31-4059-a95b-eeb08473b7e5", + "clientScriptEnabled": true, + "serverScript": "703dab1a-1921-4981-98dd-b8e5349d8548", + }, + }, + }, + "meta": Any, +} +`; - try { - resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/deviceidsave.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "deviceidsave": { + "_id": "deviceidsave", + "_type": { + "_id": "deviceidsave", + "collection": false, + "name": "Device Id (Save)", + }, + "defaults": { + "authenticationLevel": 0, + "autoStoreProfiles": false, + "maxProfilesAllowed": 5, + }, + }, + }, + "meta": Any, +} +`; - return resolveClaim(claim); - } catch (e) { - message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/federation.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": false, + "name": "Federation", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + }, + "meta": Any, +} +`; - if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { - throw e; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/hotp.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": false, + "name": "HOTP", + }, + "defaults": { + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + }, + }, + "meta": Any, +} +`; - if (logger.warningEnabled()) { - logger.warning(message); - } - } - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/httpbasic.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "httpbasic": { + "_id": "httpbasic", + "_type": { + "_id": "httpbasic", + "collection": false, + "name": "HTTP Basic", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + }, + "meta": Any, +} +`; - var computedClaims = new frJava.LinkedHashMap(); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/jdbc.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "jdbc": { + "_id": "jdbc", + "_type": { + "_id": "jdbc", + "collection": false, + "name": "JDBC", + }, + "defaults": { + "authenticationLevel": 0, + "connectionPoolJndiName": "java:comp/env/jdbc/samplePool", + "connectionType": "JNDI", + "jdbcDriver": "com.mysql.jdbc.Driver", + "jdbcUrl": "jdbc:mysql://127.0.0.1:3306/test", + "password": null, + "passwordColumn": "PASSWORD_COLUMN", + "passwordStatement": "select PASSWORD_COLUMN from TABLE where USERNAME_COLUMN = ?", + "passwordTransformClass": "com.sun.identity.authentication.modules.jdbc.ClearTextTransform", + "username": "root", + }, + }, + }, + "meta": Any, +} +`; - getClaims().toArray().forEach(function (claim) { - var claimValue = computeClaim(claim); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/ldap.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": false, + "name": "LDAP", + }, + "defaults": { + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAP", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + }, + }, + "meta": Any, +} +`; - if (isClaimValueValid(claimValue)) { - computedClaims.put(claim.getName(), claimValue); - } else { - /** - * If a claim has been processed, but appears in the list again, - * and its value cannot be computed under the new conditions, - * the claim is removed from the final result. - * - * For example, a claim could be mapped to a scope and found in the user profile, - * but also requested by the client with required values that don't match the computed one. - * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. - * for the relevant OIDC specification details. - */ - computedClaims.remove(claim.getName()); - } - }); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/membership.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "membership": { + "_id": "membership", + "_type": { + "_id": "membership", + "collection": false, + "name": "Membership", + }, + "defaults": { + "authenticationLevel": 0, + "defaultUserRoles": [], + "defaultUserStatus": "Active", + "minimumPasswordLength": 8, + }, + }, + }, + "meta": Any, +} +`; - return computedClaims; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/msisdn.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "msisdn": { + "_id": "msisdn", + "_type": { + "_id": "msisdn", + "collection": false, + "name": "MSISDN", + }, + "defaults": { + "authenticationLevel": 0, + "baseSearchDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + "ldapProviderUrl": [ + "localhost:50636", + ], + "ldapSslEnabled": false, + "ldapUserBindDN": "cn=Directory Manager", + "msisdnParameterNames": [], + "msisdnRequestSearchLocations": [ + "searchRequest", + "searchParam", + "searchCookie", + ], + "msisdnUserNamingAttribute": "uid", + "returnUserDN": true, + "trustedGatewayIPAddresses": [], + "userProfileMsisdnAttribute": "sunIdentityMSISDNNumber", + }, + }, + }, + "meta": Any, +} +`; - /** - * Creates a map of requested scopes and the corresponding claim names. - * @returns {java.util.LinkedHashMap} - */ - function getCompositeScopes () { - var compositeScopes = new frJava.LinkedHashMap(); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/oath.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": false, + "name": "OATH", + }, + "defaults": { + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, + }, + }, + }, + "meta": Any, +} +`; - scopes.toArray().forEach(function (scope) { - var scopeClaims = new frJava.ArrayList(); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/oauth2.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "oauth2": { + "_id": "oauth2", + "_type": { + "_id": "oauth2", + "collection": false, + "name": "Legacy OAuth 2.0 / OpenID Connect", + }, + "defaults": { + "accessTokenEndpointUrl": "https://graph.facebook.com/oauth/access_token", + "accessTokenParameterName": "access_token", + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper", + "accountMapperConfiguration": [ + "id=facebook-id", + "email=mail", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "first_name=givenname", + "id=facebook-id", + "email=facebook-email", + "last_name=facebook-lname", + "first_name=facebook-fname", + "name=cn", + "email=mail", + "last_name=sn", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper", + ], + "authenticationEndpointUrl": "https://www.facebook.com/dialog/oauth", + "authenticationLevel": 0, + "createAccount": true, + "logoutBehaviour": "prompt", + "mailGatewayClass": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "mapToAnonymousUser": false, + "mixUpMitigation": false, + "promptForPassword": true, + "saveAttributesInSession": true, + "scope": "email,read_stream", + "smtpFromAddress": "info@forgerock.com", + "smtpHostName": "localhost", + "smtpHostPort": "25", + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "userProfileServiceUrl": "https://graph.facebook.com/me", + }, + }, + }, + "meta": Any, +} +`; - if (scopeClaimsMap[scope]) { - scopeClaimsMap[scope].forEach(function (claimName) { - scopeClaims.add(claimName); - }); - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/openidconnect.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "openidconnect": { + "_id": "openidconnect", + "_type": { + "_id": "openidconnect", + "collection": false, + "name": "OpenID Connect id_token bearer", + }, + "defaults": { + "acceptedAuthorizedParties": [ + "http://www.example.com/authorized/party", + "AuthorizedPartyExample", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "audienceName": "example", + "cryptoContextType": ".well-known/openid-configuration_url", + "cryptoContextValue": "https://accounts.google.com/.well-known/openid-configuration", + "idTokenHeaderName": "oidc_id_token", + "idTokenIssuer": "accounts.google.com", + "jwtToLdapAttributeMappings": [ + "sub=uid", + "email=mail", + ], + "principalMapperClass": "org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper", + "useSubClaimIfNoMatch": false, + }, + }, + }, + "meta": Any, +} +`; - if (scopeClaims.size()) { - compositeScopes.put(scope, scopeClaims); - } - }); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/persistentcookie.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "persistentcookie": { + "_id": "persistentcookie", + "_type": { + "_id": "persistentcookie", + "collection": false, + "name": "Persistent Cookie", + }, + "defaults": { + "cookieName": "session-jwt", + "enforceClientIP": false, + "idleTimeout": 5, + "maxLife": 5, + "useHttpOnlyCookie": true, + "useSecureCookie": true, + }, + }, + }, + "meta": Any, +} +`; - return compositeScopes; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/radius.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "radius": { + "_id": "radius", + "_type": { + "_id": "radius", + "collection": false, + "name": "RADIUS", + }, + "defaults": { + "authenticationLevel": 0, + "healthCheckInterval": 5, + "primaryRadiusServers": [ + "127.0.0.1", + ], + "secondaryRadiusServers": [ + "127.0.0.1", + ], + "serverPortNumber": 1645, + "serverTimeout": 3, + "stopRadiusbindAfterInmemoryLockedEnabled": false, + }, + }, + }, + "meta": Any, +} +`; - // PUBLIC METHODS +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/sae.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": false, + "name": "SAE", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + }, + "meta": Any, +} +`; - return { - setScopeClaimsMap: setScopeClaimsMap, - setClaimResolvers: setClaimResolvers, - getUserProfileClaimResolver: getUserProfileClaimResolver, - getAddressClaimResolver: getAddressClaimResolver, - getEssentialClaimResolver: getEssentialClaimResolver, - getUserInfoClaims: getUserInfoClaims - }; - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/scripted.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "scripted": { + "_id": "scripted", + "_type": { + "_id": "scripted", + "collection": false, + "name": "Scripted Module", + }, + "defaults": { + "authenticationLevel": 1, + "clientScript": "[Empty]", + "clientScriptEnabled": true, + "serverScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", + }, + }, + }, + "meta": Any, +} +`; - // RESULTS +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/securid.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "securid": { + "_id": "securid", + "_type": { + "_id": "securid", + "collection": false, + "name": "SecurID", + }, + "defaults": { + "authenticationLevel": 0, + "serverConfigPath": "/home/prestonhales/am/config/auth/ace/data", + }, + }, + }, + "meta": Any, +} +`; - /** - * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class - * populated with the computed claim values and - * the requested scopes mapped to the claim names. - * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. - * - * Assigning it to a variable gives you an opportunity - * to log the content of the returned value during development. - */ - var userInfoClaims = utils.getUserInfoClaims(); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/windowsdesktopsso.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "windowsdesktopsso": { + "_id": "windowsdesktopsso", + "_type": { + "_id": "windowsdesktopsso", + "collection": false, + "name": "Windows Desktop SSO", + }, + "defaults": { + "authenticationLevel": 0, + "kerberosServiceIsinitiator": true, + "lookupUserInRealm": false, + "returnPrincipalWithDomainName": false, + "trustedKerberosRealms": [], + }, + }, + }, + "meta": Any, +} +`; - /* - logger.error(scriptName + ' results:') - logger.error('Values: ' + userInfoClaims.getValues()) - logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) - */ +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/windowsnt.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "windowsnt": { + "_id": "windowsnt", + "_type": { + "_id": "windowsnt", + "collection": false, + "name": "Windows NT", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + }, + "meta": Any, +} +`; - return userInfoClaims; -}()); -", +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationTreesConfiguration/EMPTY.authenticationTreesConfiguration.json 1`] = ` +{ + "authenticationTreesConfiguration": { + "EMPTY": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Authentication Trees Configuration", + }, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Check-Resolved-Username.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/realm/first.realm.json 1`] = ` { "meta": Any, - "script": { - "ffcfbd20-38d5-4f74-8766-7df90af4dbe4": { - "_id": "ffcfbd20-38d5-4f74-8766-7df90af4dbe4", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Check if username has already been resolved to _id.", - "evaluatorVersion": "2.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Check Resolved Username", - "script": "/* Resolve Username - * - * Author: volker.scheuber@forgerock.com - * - * Check if username has already been resolved to _id. - * Return "true" if resolved, "false" otherwise. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - */ -(function () { - if (nodeState.get("_id")) { - outcome = "true"; - } - else { - outcome = "false"; - } -}()); -", + "realm": { + "L2ZpcnN0": { + "_id": "L2ZpcnN0", + "active": true, + "aliases": [ + "one", + "dnsfirst", + ], + "name": "first", + "parentPath": "/", }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Check-Resolved-Username-imported-(1).script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/realm/firstsecond.realm.json 1`] = ` { "meta": Any, - "script": { - "870f0298-2f96-4e10-990d-3436fc2f3c43": { - "_id": "870f0298-2f96-4e10-990d-3436fc2f3c43", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Check if username has already been resolved to _id.", - "evaluatorVersion": "2.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Check Resolved Username - imported (1)", - "script": "/* Resolve Username - * - * Author: volker.scheuber@forgerock.com - * - * Check if username has already been resolved to _id. - * Return "true" if resolved, "false" otherwise. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - * - false - */ -(function () { - if (nodeState.get("_id")) { - outcome = "true"; - } - else { - outcome = "false"; - } -}()); -", + "realm": { + "L2ZpcnN0L3NlY29uZA": { + "_id": "L2ZpcnN0L3NlY29uZA", + "active": false, + "aliases": [ + "secondDNS", + "second", + ], + "name": "second", + "parentPath": "/first", }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Check-Username.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/realm/root.realm.json 1`] = ` { "meta": Any, - "script": { - "739bdc48-fd24-4c52-b353-88706d75558a": { - "_id": "739bdc48-fd24-4c52-b353-88706d75558a", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Check if username has already been collected.", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Check Username", - "script": "/* Check Username - * - * Author: volker.scheuber@forgerock.com - * - * Check if username has already been collected. - * Return "known" if yes, "unknown" otherwise. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - known - * - unknown - */ -(function () { - if (null != sharedState.get("username")) { - outcome = "known"; - } - else { - outcome = "unknown"; - } -}()); -", + "realm": { + "Lw": { + "_id": "Lw", + "active": true, + "aliases": [ + "localhost", + "openam-frodo-dev.classic.com", + "openam", + "testurl.com", + ], + "name": "/", + "parentPath": "", }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Dummy.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/AUTHENTICATION_CLIENT_SIDE.scripttype.json 1`] = ` { "meta": Any, - "script": { - "bb0b46f8-bdf3-4fb8-8d8f-bd921af7e79e": { - "_id": "bb0b46f8-bdf3-4fb8-8d8f-bd921af7e79e", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Dummy", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Dummy", - "script": "outcome = "true"; -", + "scripttype": { + "AUTHENTICATION_CLIENT_SIDE": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "allowLists": {}, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "[Empty]", + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Full-Verification-Results.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/AUTHENTICATION_SERVER_SIDE.scripttype.json 1`] = ` { "meta": Any, - "script": { - "ca0c39c5-9c50-417f-a36e-815cfd1ecffe": { - "_id": "ca0c39c5-9c50-417f-a36e-815cfd1ecffe", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Show full identity verification results", - "evaluatorVersion": "2.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Full Verification Results", - "script": "/* Full Verification Results - * - * Author: volker.scheuber@forgerock.com - * - * Show full identity verification results - * - * This script needs to be parametrized. It may not work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = 'true'; - - var p1UserIdAmAttr = 'fr-attr-istr1'; - var p1UserIdIdmAttr = 'frIndexedString1'; - var selfieAmAttr = 'fr-attr-str1'; - var selfieIdmAttr = 'frUnindexedString1'; - var portraitAmAttr = 'fr-attr-str2'; - var portraitIdmAttr = 'frUnindexedString2'; - var firstNameAttr = 'givenName'; - var lastNameAttr = 'sn'; - var metaDataAmAttr = 'fr-attr-str3'; - var metaDataIdmAttr = 'frUnindexedString3'; - var customIdmAttrs = 'fr-idm-custom-attrs'; - var verifiedFirstNameAttr = 'custom_verifiedFirstName'; - var verifiedLastNameAttr = 'custom_verifiedLastName'; - var verifyStatusAttr = 'custom_verifyStatus'; - - var identity = idRepository.getIdentity(nodeState.get('_id')); - var p1UserId = identity.getAttributeValues(p1UserIdAmAttr)[0]; - var selfie = identity.getAttributeValues(selfieAmAttr)[0]; - var portrait = identity.getAttributeValues(portraitAmAttr)[0]; - var firstName = identity.getAttributeValues(firstNameAttr)[0]; - var lastName = identity.getAttributeValues(lastNameAttr)[0]; - var metaData = JSON.parse(identity.getAttributeValues(metaDataAmAttr)[0]); - var customAttrs = JSON.parse(identity.getAttributeValues(customIdmAttrs)[0]); - - var anchor = 'anchor-'.concat(generateNumericToken('xxx')); - var halign = 'left'; - var referenceImage = 'Reference Image'; - var freshSelfieImg = 'Fresh Selfie'; - var firstNameMatch = getBiographicMatchResult(metaData, 'given_name'); - var lastNameMatch = getBiographicMatchResult(metaData, 'family_name'); - var identityTable = \`\\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ -
IdentifierApplicationGovernment IDMatch
First Name:\${firstName}\${customAttrs[verifiedFirstNameAttr]}\${firstNameMatch}
Last Name:\${lastName}\${customAttrs[verifiedLastNameAttr]}\${lastNameMatch}
\`; - var docStructJdgmnt = getMitekResult(metaData, 'Document Structure').judgement; - var docDataCompJdgmnt = getMitekResult(metaData, 'Document Data Comparison').judgement; - var humanFaceJdgmnt = getMitekResult(metaData, 'Human Face Presence').judgement - var fieldValidJdgmnt = getMitekResult(metaData, 'Field Validation').judgement; - var blacklistJdgmnt = getMitekResult(metaData, 'ID Document Blacklist').judgement; - var barcodeJdgmnt = getMitekResult(metaData, 'Barcode Analysis').judgement; - var govDocTable = \`\\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ -
Document Structure:\${docStructJdgmnt}
Document Data Comparison:\${docDataCompJdgmnt}
Human Face Presence:\${humanFaceJdgmnt}
Field Validation:\${fieldValidJdgmnt}
ID Document Blacklist:\${blacklistJdgmnt}
Barcode Analysis:\${barcodeJdgmnt}
\`; - var similarity = getSimilarity(getResult(metaData, 'FACIAL_COMPARISON').data.similarity); - var liveness = getLiveness(getResult(metaData, 'LIVENESS').data.probability); - var facialTable = \`\\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ -
Facial Comparison:\${similarity}
Liveness:\${liveness}
\`; - var selfieTable = \`\\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ -

Government ID Picture

Fresh Selfie

\${referenceImage}\${freshSelfieImg}
\`; - var message = \`\\ -

Status

\\ -

\${customAttrs[verifyStatusAttr]}

\\ -

Identity

\\ - \${identityTable}\\ -

Government ID Authentication

\\ - \${govDocTable}\\ -

Facial Comparison & Liveness

\\ - \${facialTable}\\ -
\${selfieTable}\`; - var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " console.log('here!');\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"text-left\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") - if (callbacks.isEmpty()) { - callbacksBuilder.textOutputCallback(0, anchor); - callbacksBuilder.scriptTextOutputCallback(script); - } else { - action = action.goTo('true'); - } - - function getSimilarity(num) { - if (num >= 85) return 'High'; - if (num >= 65) return 'Medium'; - return 'Low'; - } - - function getLiveness(num) { - if (num >= 0.5) return 'Live'; - return 'Spoofed' - } - - function colorize(text) { - var color = ''; - var success = 'green'; - var soso = 'yellow'; - var failure = 'red'; - var colors = { - 'not_authentic': \`color:\${failure};\`, - 'success': \`color:\${success};\`, - 'authentic': \`color:\${success};\`, - 'live': \`color:\${success};\`, - 'high': \`color:\${success};\`, - 'medium': \`color:\${soso};\`, - 'fail': \`color:\${failure};\`, - 'low': \`color:\${failure};\`, - 'spoofed': \`color:\${failure};\`, - }; - Object.keys(colors).forEach((it) => { - if (text.toLowerCase().indexOf(it) >= 0) color = colors[it]; - return; - }); - return color; - } - - function getResult(metaData, type) { - var result = null; - if (metaData && type) { - metaData._embedded.metaData.forEach((it) => { - if (it.type === type) { - result = it; - return; - } - }); - } - return result; - } - - function getMitekResult(metaData, name) { - var result = null; - var mitekResults = getResult(metaData, 'DOCUMENT_AUTHENTICATION'); - if (mitekResults && name) { - mitekResults.data.mitekVerifications.forEach((it) => { - if (it.name === name) { - result = it; - return; - } - }); - } - return result; - } - - function getBiographicMatchResult(metaData, field) { - var result = null; - var biographicMatchResult = getResult(metaData, 'BIOGRAPHIC_MATCH'); - if (biographicMatchResult && field) { - biographicMatchResult.data.biographic_match_results.forEach((it) => { - if (it.identifier === field) { - result = it.match; - return; - } - }); - } - return result; - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. - * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function (c) { - var r = (Math.random() * 10) | 0; - var v = r; - return v.toString(10); - }); - } - - /* - * Read attributes in shared state for use with the Create/Patch Object nodes. - */ - function getObjectAttribute(name) { - var attributes = nodeState.get("objectAttributes"); - if (attributes) { - if (attributes.get) { - return attributes.get(name); - } - else { - return attributes.name; - } - } - return null; - } + "scripttype": { + "AUTHENTICATION_SERVER_SIDE": { + "_id": "AUTHENTICATION_SERVER_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_SERVER_SIDE", + "allowLists": { + "1.0": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ - function setSharedObjectAttribute(name, value) { - var attributes = nodeState.get("objectAttributes"); - if (attributes && value) { - attributes.put(name, value); - nodeState.putShared("objectAttributes", attributes); - } else if (value) { - nodeState.putShared("objectAttributes", { name: value } ); - } - } -}()); -", +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/AUTHENTICATION_TREE_DECISION_NODE.scripttype.json 1`] = ` +{ + "meta": Any, + "scripttype": { + "AUTHENTICATION_TREE_DECISION_NODE": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.concurrent.TimeUnit", + "java.util.Collections$*", + "java.util.HashSet", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "ch.qos.logback.classic.Logger", + "org.forgerock.util.promise.Promises$*", + "com.sun.proxy.$*", + "java.util.Date", + "java.security.spec.InvalidKeySpecException", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + "2.0", + ], + }, + }, + "defaultScript": "01e1a3c0-038b-4c16-956a-6c9d89328cff", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Load-Reference-Selfie.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/CONFIG_PROVIDER_NODE.scripttype.json 1`] = ` { "meta": Any, - "script": { - "09d6f27b-3c7c-4bc0-a7ff-e19d93f6b6d9": { - "_id": "09d6f27b-3c7c-4bc0-a7ff-e19d93f6b6d9", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Load reference selfie into shared state", - "evaluatorVersion": "2.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Load Reference Selfie", - "script": "/* Load Reference Selfie - * - * Author: volker.scheuber@forgerock.com - * - * Load reference selfie into transient state - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = 'true'; - - var selfieAttr = 'fr-attr-str1'; - var identity = idRepository.getIdentity(nodeState.get('_id')); - var selfie = identity.getAttributeValues(selfieAttr)[0]; - if (selfie) { - setTransientObjectAttribute(selfieAttr, selfie); - } - - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ - function setTransientObjectAttribute(name, value) { - var attributes = nodeState.get("objectAttributes"); - if (attributes && value) { - attributes.put(name, value); - nodeState.putTransient("objectAttributes", attributes); - } else if (value) { - nodeState.putTransient("objectAttributes", { name: value } ); - } - } -}()); -", + "scripttype": { + "CONFIG_PROVIDER_NODE": { + "_id": "CONFIG_PROVIDER_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "CONFIG_PROVIDER_NODE", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "5e854779-6ec1-4c39-aeba-0477e0986646", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Prepare-Account-Creation.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/LIBRARY.scripttype.json 1`] = ` { "meta": Any, - "script": { - "835c3d04-4883-4fb7-b957-bd6ff6ff9d50": { - "_id": "835c3d04-4883-4fb7-b957-bd6ff6ff9d50", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Set username from email and copy first and last name to applicant attributes.", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Prepare Account Creation", - "script": "/* Prepare Account Creation - * - * Author: volker.scheuber@forgerock.com - * - * Set username from email and copy first and last name to applicant attributes. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = "true"; - - sharedState.put("username", getSharedObjectAttribute("mail")) - setSharedObjectAttribute("userName", getSharedObjectAttribute("mail")) - setSharedObjectAttribute("custom_verifiedFirstName", getSharedObjectAttribute("givenName")) - setSharedObjectAttribute("custom_verifiedLastName", getSharedObjectAttribute("sn")) - setSharedObjectAttribute("custom_verifyStatus", 'Not verified') - - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ - function setSharedObjectAttribute(name, value) { - var storage = sharedState.get("objectAttributes"); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put("objectAttributes", JSON.parse("{\\""+name+"\\":\\""+value+"\\"}")); - } - } + "scripttype": { + "LIBRARY": { + "_id": "LIBRARY", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "LIBRARY", + "allowLists": { + "1.0": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form", + "jdk.proxy*", + ], + "2.0": [ + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0", + ], + }, + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.lang.Class", + "java.security.AccessController", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form", + ], + }, + "languages": [ + "JAVASCRIPT", + ], + }, + }, +} +`; - /* - * Read attributes in shared state for use with the Create/Patch Object nodes. - */ - function getSharedObjectAttribute(name) { - var storage = sharedState.get("objectAttributes"); - if (storage) { - if (storage.get) { - return sharedState.get("objectAttributes").get(name); - } - else { - return storage.name; - } - } - return null; - } -}()); -", +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_ACCESS_TOKEN_MODIFICATION.scripttype.json 1`] = ` +{ + "meta": Any, + "scripttype": { + "OAUTH2_ACCESS_TOKEN_MODIFICATION": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Prepare-Account-Update.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER.scripttype.json 1`] = ` { "meta": Any, - "script": { - "4233c093-76a6-474b-ac38-5c0ea1de2484": { - "_id": "4233c093-76a6-474b-ac38-5c0ea1de2484", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Move data from root of node state into objectAttributes for account update.", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Prepare Account Update", - "script": "/* Prepare Account Update - * - * Author: volker.scheuber@forgerock.com - * - * Move data from root of node state into objectAttributes for account update. - * - * This script needs to be parametrized. It may not work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = 'true'; - - /* Configure to fit your env */ - var p1UserIdAmAttr = 'fr-attr-istr1'; // this is what should be configured in your verify proofing node - var p1UserIdIdmAttr = 'frIndexedString1'; - var selfieSource = 'selfieBase64'; - var selfieTarget = 'frUnindexedString1'; - var croppedPortraitSource = 'croppedPortraitBase64'; - var croppedPortraitTarget = 'frUnindexedString2'; - var metadataSource = 'VerifyMetadataResult'; - var metadataTarget = 'frUnindexedString3'; - var verifyStatusAttr = 'custom_verifyStatus'; - var verifyFailedReason = 'VerifedFailedReason'; - - setSharedObjectAttribute(p1UserIdIdmAttr, sharedState.get(p1UserIdAmAttr)) - setSharedObjectAttribute(selfieTarget, sharedState.get(selfieSource)); - setSharedObjectAttribute(croppedPortraitTarget, sharedState.get(croppedPortraitSource)); - setSharedObjectAttribute(metadataTarget, JSON.stringify(transientState.get(metadataSource))); - setSharedObjectAttribute(verifyStatusAttr, sharedState.get(verifyFailedReason) || 'Successfully verified'); - - // remove source to minimize AuthId size - sharedState.put(selfieSource, ''); - sharedState.put(croppedPortraitSource, ''); - - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ - function setSharedObjectAttribute(name, value) { - var storage = sharedState.get('objectAttributes'); - if (storage && value) { - if (storage.put) { - storage.put(name, value); - } - else { - storage[name] = value; - } - } - else if (value) { - sharedState.put('objectAttributes', JSON.parse('{"'+name+'":"'+value+'"}')); - } - } -}()); -", + "scripttype": { + "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Remove-Button.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_EVALUATE_SCOPE.scripttype.json 1`] = ` { "meta": Any, - "script": { - "9535446c-0ff6-4a76-8576-616599119d64": { - "_id": "9535446c-0ff6-4a76-8576-616599119d64", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Remove button from page.", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Remove Button", - "script": "/* Remove Button - * - * Author: volker.scheuber@forgerock.com - * - * Hide buttons on the journey page. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - var script = "Array.prototype.slice.call(document.getElementsByTagName('button')).forEach(function (e) {e.style.display = 'none'})" - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ) - var message = " " - if (callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback( - fr.TextOutputCallback.INFORMATION, - message - ), - new fr.ScriptTextOutputCallback(script) - ).build() - } -}()); -", + "scripttype": { + "OAUTH2_EVALUATE_SCOPE": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/Selfie-Authentication-Results.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_MAY_ACT.scripttype.json 1`] = ` { "meta": Any, - "script": { - "eaab5b6d-fc11-4365-93da-00eb9121adb9": { - "_id": "eaab5b6d-fc11-4365-93da-00eb9121adb9", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Show selfie authentication results", - "evaluatorVersion": "2.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Selfie Authentication Results", - "script": "/* Selfie Authentication Results - * - * Author: volker.scheuber@forgerock.com - * - * Show selfie authentication results - * - * This script needs to be parametrized. It may not work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - outcome = 'true'; - - var p1UserIdAmAttr = 'fr-attr-istr1'; - var p1UserIdIdmAttr = 'frIndexedString1'; - var selfieAmAttr = 'fr-attr-str1'; - var selfieIdmAttr = 'frUnindexedString1'; - var firstNameAttr = 'givenName'; - var lastNameAttr = 'sn'; - - var identity = idRepository.getIdentity(nodeState.get('_id')); - var p1UserId = identity.getAttributeValues(p1UserIdAmAttr)[0]; - var selfie = getObjectAttribute(selfieIdmAttr) ? getObjectAttribute(selfieIdmAttr) : identity.getAttributeValues(selfieAmAttr)[0]; - var firstName = getObjectAttribute(firstNameAttr) ? getObjectAttribute(firstNameAttr) : identity.getAttributeValues(firstNameAttr)[0]; - var lastName = getObjectAttribute(lastNameAttr) ? getObjectAttribute(lastNameAttr) : identity.getAttributeValues(lastNameAttr)[0]; - - var anchor = 'anchor-'.concat(generateNumericToken('xxx')); - var halign = 'left'; - var referenceImage = 'Reference Image'; - var identityTable = \`\\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ -
First Name:\${firstName}
Last Name:\${lastName}
\`; - var selfieTable = \`\\ - \\ - \\ - \\ - \\ - \\ - \\ - \\ -

Reference Image

\${referenceImage}
\`; - var message = \`\\ -

Identity

\\ - \${identityTable}\\ -
\${selfieTable}\`; - var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " console.log('here!');\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"text-left\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") - if (callbacks.isEmpty()) { - callbacksBuilder.textOutputCallback(0, anchor); - callbacksBuilder.scriptTextOutputCallback(script); - } else { - action = action.goTo('true'); - } - - function getResult(metaData, type) { - var result = null; - if (metaData && type) { - metaData._embedded.metaData.forEach((it) => { - if (it.type === type) { - result = it; - return; - } - }); - } - return result; - } - - function getMitekResult(metaData, name) { - var result = null; - var mitekResults = getResult(metaData, 'DOCUMENT_AUTHENTICATION'); - if (mitekResults && name) { - mitekResults.data.mitekVerifications.forEach((it) => { - if (it.name === name) { - result = it; - return; - } - }); - } - return result; - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. - * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function (c) { - var r = (Math.random() * 10) | 0; - var v = r; - return v.toString(10); - }); - } - - /* - * Read attributes in shared state for use with the Create/Patch Object nodes. - */ - function getObjectAttribute(name) { - var attributes = nodeState.get("objectAttributes"); - if (attributes) { - if (attributes.get) { - return attributes.get(name); - } - else { - return attributes.name; - } - } - return null; - } - - /* - * Store attributes in shared state for use with the Create/Patch Object nodes. - */ - function setSharedObjectAttribute(name, value) { - var attributes = nodeState.get("objectAttributes"); - if (attributes && value) { - attributes.put(name, value); - nodeState.putShared("objectAttributes", attributes); - } else if (value) { - nodeState.putShared("objectAttributes", { name: value } ); - } - } -}()); -", + "scripttype": { + "OAUTH2_MAY_ACT": { + "_id": "OAUTH2_MAY_ACT", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_MAY_ACT", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/script/debug-imported-(1).script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_SCRIPTED_JWT_ISSUER.scripttype.json 1`] = ` { "meta": Any, - "script": { - "3cb43516-ae69-433a-8787-501d45db14e9": { - "_id": "3cb43516-ae69-433a-8787-501d45db14e9", - "context": "AUTHENTICATION_TREE_DECISION_NODE", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Display sharedState, transientState, and headers.", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "debug - imported (1)", - "script": "/* debug - * - * Author: volker.scheuber@forgerock.com - * - * Display sharedState, transientState, and headers. - * - * This script does not need to be parametrized. It will work properly as is. - * - * The Scripted Decision Node needs the following outcomes defined: - * - true - */ -(function () { - var anchor = 'anchor-'.concat(generateNumericToken('xxx')); - var halign = 'left'; - var message = "

Shared State:
".concat( - sharedState.toString()).concat("

").concat( - "

Transient State:
").concat( - transientState.toString()).concat("

").concat( - "

Request Parameters:
").concat( - getQueryString()).concat("").concat( - "

Request Headers:
").concat( - requestHeaders.toString()).concat("

") - var script = "Array.prototype.slice.call(\\n".concat( - "document.getElementsByClassName('callback-component')).forEach(\\n").concat( - "function (e) {\\n").concat( - " var message = e.firstElementChild;\\n").concat( - " console.log('here!');\\n").concat( - " if (message.firstChild && message.firstChild.nodeName == '#text' && message.firstChild.nodeValue.trim() == '").concat(anchor).concat("') {\\n").concat( - " message.className = \\"text-left\\";\\n").concat( - " message.align = \\"").concat(halign).concat("\\";\\n").concat( - " message.innerHTML = '").concat(message).concat("';\\n").concat( - " }\\n").concat( - "})") - var fr = JavaImporter( - org.forgerock.openam.auth.node.api.Action, - javax.security.auth.callback.TextOutputCallback, - com.sun.identity.authentication.callbacks.ScriptTextOutputCallback - ); - if (message.length && callbacks.isEmpty()) { - action = fr.Action.send( - new fr.TextOutputCallback(fr.TextOutputCallback.INFORMATION, message), - new fr.ScriptTextOutputCallback(script) - ).build(); - } else { - action = fr.Action.goTo('true').build(); - } - - /* - * Generate a token in the desired format. All 'x' characters will be replaced with a random number 0-9. - * - * Example: - * 'xxxxx' produces '28535' - * 'xxx-xxx' produces '432-521' - */ - function generateNumericToken(format) { - return format.replace(/[x]/g, function (c) { - var r = (Math.random() * 10) | 0; - var v = r; - return v.toString(10); - }); - } - - function getQueryString() { - - requestParameters.put('authIndexType', ['service']); - requestParameters.put('authIndexValue', ['Simple']); - requestParameters.put('username', [sharedState.get('username')]); - - var query = ''; - var params = Object.keys(requestParameters); - for (var i = 0; i < params.length ; i++) { - var param = params[i]; - var values = requestParameters.get(param); - for (var j = 0; j < values.length ; j++) { - var value = values[j]; - query = query + param + '=' + encodeURIComponent(value) + '&'; - }; - }; - return query.substring(0, query.length > 0 ? query.length - 1 : 0); - } -})(); -", + "scripttype": { + "OAUTH2_SCRIPTED_JWT_ISSUER": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "400e48ba-3f13-4144-ac7b-f824ea8e98c5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/SocialIdentityProviders.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_VALIDATE_SCOPE.scripttype.json 1`] = ` { "meta": Any, - "service": { - "SocialIdentityProviders": { - "_id": "", + "scripttype": { + "OAUTH2_VALIDATE_SCOPE": { + "_id": "OAUTH2_VALIDATE_SCOPE", "_type": { - "_id": "SocialIdentityProviders", - "collection": false, - "name": "Social Identity Provider Service", + "_id": "contexts", + "collection": true, + "name": "scriptContext", }, - "enabled": true, - "location": "/bravo", + "context": { + "_id": "OAUTH2_VALIDATE_SCOPE", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/TNTPPingOneService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OIDC_CLAIMS.scripttype.json 1`] = ` { "meta": Any, - "service": { - "TNTPPingOneService": { - "_id": "", + "scripttype": { + "OIDC_CLAIMS": { + "_id": "OIDC_CLAIMS", "_type": { - "_id": "TNTPPingOneService", - "collection": false, - "name": "PingOne Service", + "_id": "contexts", + "collection": true, + "name": "scriptContext", }, - "enable": true, - "location": "/bravo", - "nextDescendents": [ - { - "_id": "p1-volker-dev", - "_type": { - "_id": "PingOneService", - "collection": true, - "name": "instance", - }, - "clientIdWorkerApp": "9e4b8778-8d02-4533-b11f-407c15e5519e", - "clientIdWorkerSecret": "MYeArFcBVz_koayPMhz8dSmkKN9P1SjEA3CApwzWTfKuGvhS3XERxRpR1zTYg0ZT", - "environmentId": "183aa418-cdd3-4075-b20d-1ed89c8ca36e", - "environmentRegion": "NA", + "context": { + "_id": "OIDC_CLAIMS", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], }, - { - "_id": "JC", - "_type": { - "_id": "PingOneService", - "collection": true, - "name": "instance", - }, - "clientIdWorkerApp": "bc700ab9-b18d-4d75-9c10-0ddfd7a2fcf6", - "clientIdWorkerSecret": "PYT2yEkgv73IAXf7W-Gxo32SdANddMPdRPHuo8btgIR~qoU_KBmP3NfGpVxxGCK-", - "environmentId": "77826556-ad2a-4cb9-86fc-41f53fd35d4d", - "environmentRegion": "NA", + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], }, - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/baseurl.service.json 1`] = ` -{ - "meta": Any, - "service": { - "baseurl": { - "_id": "", - "_type": { - "_id": "baseurl", - "collection": false, - "name": "Base URL Source", }, - "contextPath": "/am", - "fixedValue": "https://&{fqdn}", - "location": "/bravo", - "nextDescendents": [], - "source": "REQUEST_VALUES", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/email.service.json 1`] = ` -{ - "meta": Any, - "service": { - "email": { - "_id": "", - "_type": { - "_id": "email", - "collection": false, - "name": "Email Service", + "defaultScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], }, - "emailAddressAttribute": "mail", - "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", - "emailRateLimitSeconds": 1, - "location": "/bravo", - "nextDescendents": [], - "port": 465, - "sslState": "SSL", - "transportType": "default-smtp", + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/oauth-oidc.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/POLICY_CONDITION.scripttype.json 1`] = ` { "meta": Any, - "service": { - "oauth-oidc": { - "_id": "", + "scripttype": { + "POLICY_CONDITION": { + "_id": "POLICY_CONDITION", "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": true, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [ - "address", - "phone", - "openid", - "profile", - "email", - ], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", - "includeClientIdClaimInStatelessTokens": true, - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "Login", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - ], - "supportedScopes": [ - "email|Your email address", - "openid|", - "address|Your postal address", - "phone|Your telephone number(s)", - "profile|Your personal information", - "fr:idm:*", - "am-introspect-all-tokens", - ], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": true, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": true, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], + "_id": "contexts", + "collection": true, + "name": "scriptContext", }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": true, - "usePolicyEngineForScope": false, + "context": { + "_id": "POLICY_CONDITION", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "java.util.Collections$EmptyList", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": true, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", + "defaultScript": "9de3eb62-f131-4fac-a294-7bd170fd4acb", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "java.util.Collections$EmptyList", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", ], }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "location": "/bravo", - "nextDescendents": [], - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "21138ab1-0621-4466-b18f-670bfcbabca7", - "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "[Empty]", - "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "[Empty]", - "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "3e31996b-4522-44a2-b360-0851cece3854", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "[Empty]", - }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/pingOneWorkerService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SAML2_IDP_ADAPTER.scripttype.json 1`] = ` { "meta": Any, - "service": { - "pingOneWorkerService": { - "_id": "", + "scripttype": { + "SAML2_IDP_ADAPTER": { + "_id": "SAML2_IDP_ADAPTER", "_type": { - "_id": "pingOneWorkerService", - "collection": false, - "name": "PingOne Worker Service", + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SAML2_IDP_ADAPTER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "248b8a56-df81-4b1b-b4ba-45d994f6504c", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", + "jdk.proxy*", + ], }, - "enabled": true, - "location": "/bravo", - "nextDescendents": [], + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/policyconfiguration.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SAML2_IDP_ATTRIBUTE_MAPPER.scripttype.json 1`] = ` { "meta": Any, - "service": { - "policyconfiguration": { - "_id": "", + "scripttype": { + "SAML2_IDP_ATTRIBUTE_MAPPER": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", "_type": { - "_id": "policyconfiguration", - "collection": false, - "name": "Policy Configuration", + "_id": "contexts", + "collection": true, + "name": "scriptContext", }, - "bindDn": "&{am.stores.user.username}", - "bindPassword": { - "$string": "&{am.stores.user.password}", + "context": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, }, - "checkIfResourceTypeExists": true, - "connectionPoolMaximumSize": 10, - "connectionPoolMinimumSize": 1, - "ldapServer": [ - "userstore-1.userstore:1389", - "userstore-0.userstore:1389", - "userstore-2.userstore:1389", - ], - "location": "/bravo", - "maximumSearchResults": 100, - "mtlsEnabled": false, - "nextDescendents": [], - "policyHeartbeatInterval": 10, - "policyHeartbeatTimeUnit": "SECONDS", - "realmSearchFilter": "(objectclass=sunismanagedorganization)", - "searchTimeout": 5, - "sslEnabled": { - "$bool": "&{am.stores.ssl.enabled}", + "defaultScript": "c4f22465-2368-4e27-8013-e6399974fd48", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource", + "jdk.proxy*", + ], }, - "subjectsResultTTL": 10, - "userAliasEnabled": false, - "usersBaseDn": "ou=identities", - "usersSearchAttribute": "uid", - "usersSearchFilter": "(objectclass=inetorgperson)", - "usersSearchScope": "SCOPE_SUB", + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/selfServiceTrees.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SAML2_SP_ADAPTER.scripttype.json 1`] = ` { "meta": Any, - "service": { - "selfServiceTrees": { - "_id": "", + "scripttype": { + "SAML2_SP_ADAPTER": { + "_id": "SAML2_SP_ADAPTER", "_type": { - "_id": "selfServiceTrees", - "collection": false, - "name": "Self Service Trees", - }, - "enabled": true, - "location": "/bravo", - "nextDescendents": [], - "treeMapping": { - "forgottenUsername": "ForgottenUsername", - "registration": "Registration", - "resetPassword": "ResetPassword", - "updatePassword": "UpdatePassword", + "_id": "contexts", + "collection": true, + "name": "scriptContext", }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/service/validation.service.json 1`] = ` -{ - "meta": Any, - "service": { - "validation": { - "_id": "", - "_type": { - "_id": "validation", - "collection": false, - "name": "Validation Service", + "context": { + "_id": "SAML2_SP_ADAPTER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, }, - "location": "/bravo", - "nextDescendents": [], - "validGotoDestinations": [ - "&{am.server.protocol|https}://&{fqdn}/*?*", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectAttributes/undefined.subjectAttributes.json 1`] = ` -{ - "meta": Any, - "subjectAttributes": { - "undefined": "iplanet-am-user-login-status", - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/AND.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "subjects": { - "type": "array", - }, + "defaultScript": "69f06e63-128c-4e2f-af52-079a8a6f448b", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", }, - "type": "object", + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", + "jdk.proxy*", + ], }, - "logical": true, - "title": "AND", + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SOCIAL_IDP_PROFILE_TRANSFORMATION.scripttype.json 1`] = ` { "meta": Any, - "subjectTypes": { - "AuthenticatedUsers": { - "_id": "AuthenticatedUsers", - "config": { - "properties": {}, - "type": "object", + "scripttype": { + "SOCIAL_IDP_PROFILE_TRANSFORMATION": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", }, - "logical": false, - "title": "AuthenticatedUsers", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/Identity.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Identity": { - "_id": "Identity", - "config": { - "properties": { - "subjectValues": { - "items": { - "type": "string", - }, - "type": "array", - }, + "context": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "allowLists": { + "1.0": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], }, - "type": "object", }, - "logical": false, - "title": "Identity", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "JwtClaim": { - "_id": "JwtClaim", - "config": { - "properties": { - "claimName": { - "type": "string", - }, - "claimValue": { - "type": "string", - }, + "defaultScript": "1d475815-72cb-42eb-aafd-4026989d28a7", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", }, - "type": "object", + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], }, - "logical": false, - "title": "JwtClaim", + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/NONE.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secrets/GlobalSecrets.secrets.json 1`] = ` { "meta": Any, - "subjectTypes": { - "NONE": { - "_id": "NONE", - "config": { - "properties": {}, - "type": "object", + "secrets": { + "GlobalSecrets": { + "_id": "GlobalSecrets", + "_type": { + "_id": "GlobalSecrets", + "collection": false, + "name": "Global Secrets Settings", }, - "logical": false, - "title": "NONE", + "storeTypes": [ + "EnvironmentAndSystemPropertySecretStore", + "KeyStoreSecretStore", + "GoogleSecretManagerSecretStoreProvider", + "GoogleKeyManagementServiceSecretStore", + "HsmSecretStore", + "FileSystemSecretStore", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/NOT.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secretstore/EnvironmentAndSystemPropertySecretStore.secretstore.json 1`] = ` { "meta": Any, - "subjectTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "subject": { - "properties": {}, - "type": "object", - }, - }, - "type": "object", + "secretstore": { + "EnvironmentAndSystemPropertySecretStore": { + "_id": "EnvironmentAndSystemPropertySecretStore", + "_type": { + "_id": "EnvironmentAndSystemPropertySecretStore", + "collection": false, + "name": "Environment and System Property Secrets Store", }, - "logical": true, - "title": "NOT", + "format": "BASE64", }, }, } `; -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/OR.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secretstore/default-keystore.secretstore.json 1`] = ` { "meta": Any, - "subjectTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "subjects": { - "type": "array", - }, - }, - "type": "object", + "secretstore": { + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", }, - "logical": true, - "title": "OR", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/subjectTypes/Policy.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", - }, - "name": { - "type": "string", - }, - "values": { - "items": { - "type": "string", - }, - "type": "array", + "file": "/home/prestonhales/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [ + { + "_id": "am.applications.agents.remote.consent.request.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", }, - }, - "type": "object", - }, - "logical": false, - "title": "Policy", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Contrast.theme.json 1`] = ` -{ - "meta": Any, - "theme": { - "cd6c93e2-52e2-4340-9770-66a588343841": { - "_id": "cd6c93e2-52e2-4340-9770-66a588343841", - "accountFooter": "
© 2021 -My Company, IncPrivacy PolicyTerms & Conditions
", - "accountFooterEnabled": false, - "accountPageSections": { - "accountControls": { - "enabled": false, - }, - "accountSecurity": { - "enabled": true, - "subsections": { - "password": { - "enabled": true, - }, - "securityQuestions": { - "enabled": false, - }, - "twoStepVerification": { - "enabled": true, - }, - "username": { - "enabled": true, - }, + "aliases": [ + "es256test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES256", + }, + { + "_id": "am.applications.agents.remote.consent.request.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", }, + "aliases": [ + "es384test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES384", }, - "consent": { - "enabled": false, + { + "_id": "am.applications.agents.remote.consent.request.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES512", }, - "oauthApplications": { - "enabled": false, + { + "_id": "am.applications.agents.remote.consent.request.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.RSA", }, - "personalInformation": { - "enabled": true, + { + "_id": "am.authentication.nodes.persistentcookie.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.authentication.nodes.persistentcookie.encryption", }, - "preferences": { - "enabled": false, + { + "_id": "am.authn.authid.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.authn.authid.signing.HMAC", }, - "social": { - "enabled": false, + { + "_id": "am.authn.trees.transientstate.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.authn.trees.transientstate.encryption", }, - "trustedDevices": { - "enabled": true, + { + "_id": "am.default.applications.federation.entity.providers.saml2.idp.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.idp.encryption", }, - }, - "backgroundColor": "#FFFFFF", - "backgroundImage": "", - "bodyText": "#000000", - "buttonRounded": "0", - "dangerColor": "#f7685b", - "favicon": "", - "isDefault": false, - "journeyFooter": "
© 2021 -My Company, IncPrivacy PolicyTerms & Conditions
", - "journeyFooterEnabled": false, - "journeyHeader": "
Header Content
", - "journeyHeaderEnabled": false, - "journeyJustifiedContent": "", - "journeyJustifiedContentEnabled": false, - "journeyLayout": "card", - "journeyTheaterMode": false, - "linkActiveColor": "#000000", - "linkColor": "#000000", - "linkedTrees": [], - "logo": "https://cdn.forgerock.com/platform/themes/contrast/logo-contrast.svg", - "logoAltText": "Contrast", - "logoEnabled": true, - "logoHeight": "72", - "logoProfile": "data:image/svg+xml,%0A%3Csvg width='46' height='46' viewBox='0 0 46 46' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M24.3477 13.5664H43.9438C43.5192 12.6317 43.0319 11.734 42.4905 10.8711H24.3477V13.5664Z' fill='black'/%3E%3Cpath d='M24.3477 8.17578H40.5261C39.6996 7.2052 38.7974 6.30182 37.8224 5.48047H24.3477V8.17578Z' fill='black'/%3E%3Cpath d='M24.3477 40.5195H37.8224C38.7975 39.6982 39.6996 38.7948 40.5261 37.8242H24.3477V40.5195Z' fill='black'/%3E%3Cpath d='M24.3477 2.78516H33.8482C31.0136 1.27039 27.7313 0.198195 24.3477 0V2.78516Z' fill='black'/%3E%3Cpath d='M24.3477 18.957H45.6208C45.4566 18.0405 45.2557 17.1372 44.9856 16.2617H24.3477V18.957Z' fill='black'/%3E%3Cpath d='M24.3477 21.6523V24.3477H45.9317C45.958 23.8992 46 23.4549 46 23C46 22.5451 45.958 22.1008 45.9317 21.6523H24.3477Z' fill='black'/%3E%3Cpath d='M0 23C0 35.1781 9.64778 45.2964 21.6523 46V0C9.64778 0.703566 0 10.8219 0 23Z' fill='black'/%3E%3Cpath d='M24.3477 46C27.7313 45.8018 31.0136 44.7296 33.8482 43.2148H24.3477V46Z' fill='black'/%3E%3Cpath d='M45.6208 27.043H24.3477V29.7383H44.9857C45.2557 28.8628 45.4566 27.9595 45.6208 27.043V27.043Z' fill='black'/%3E%3Cpath d='M24.3477 35.1289H42.4905C43.0319 34.266 43.5192 33.3683 43.9438 32.4336H24.3477V35.1289Z' fill='black'/%3E%3C/svg%3E%0A", - "logoProfileAltText": "Contrast", - "logoProfileCollapsed": "data:image/svg+xml,%0A%3Csvg width='46' height='46' viewBox='0 0 46 46' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M24.3477 13.5664H43.9438C43.5192 12.6317 43.0319 11.734 42.4905 10.8711H24.3477V13.5664Z' fill='black'/%3E%3Cpath d='M24.3477 8.17578H40.5261C39.6996 7.2052 38.7974 6.30182 37.8224 5.48047H24.3477V8.17578Z' fill='black'/%3E%3Cpath d='M24.3477 40.5195H37.8224C38.7975 39.6982 39.6996 38.7948 40.5261 37.8242H24.3477V40.5195Z' fill='black'/%3E%3Cpath d='M24.3477 2.78516H33.8482C31.0136 1.27039 27.7313 0.198195 24.3477 0V2.78516Z' fill='black'/%3E%3Cpath d='M24.3477 18.957H45.6208C45.4566 18.0405 45.2557 17.1372 44.9856 16.2617H24.3477V18.957Z' fill='black'/%3E%3Cpath d='M24.3477 21.6523V24.3477H45.9317C45.958 23.8992 46 23.4549 46 23C46 22.5451 45.958 22.1008 45.9317 21.6523H24.3477Z' fill='black'/%3E%3Cpath d='M0 23C0 35.1781 9.64778 45.2964 21.6523 46V0C9.64778 0.703566 0 10.8219 0 23Z' fill='black'/%3E%3Cpath d='M24.3477 46C27.7313 45.8018 31.0136 44.7296 33.8482 43.2148H24.3477V46Z' fill='black'/%3E%3Cpath d='M45.6208 27.043H24.3477V29.7383H44.9857C45.2557 28.8628 45.4566 27.9595 45.6208 27.043V27.043Z' fill='black'/%3E%3Cpath d='M24.3477 35.1289H42.4905C43.0319 34.266 43.5192 33.3683 43.9438 32.4336H24.3477V35.1289Z' fill='black'/%3E%3C/svg%3E%0A", - "logoProfileCollapsedAltText": "", - "logoProfileCollapsedHeight": "22", - "logoProfileHeight": "22", - "name": "Contrast", - "pageTitle": "#23282e", - "primaryColor": "#000000", - "primaryOffColor": "#000000", - "profileBackgroundColor": "#FFFFFF", - "profileMenuHighlightColor": "#FFFFFF", - "profileMenuHoverColor": "#FFFFFF", - "profileMenuHoverTextColor": "#000000", - "profileMenuTextHighlightColor": "#455469", - "secondaryColor": "#69788b", - "textColor": "#ffffff", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Highlander.theme.json 1`] = ` -{ - "meta": Any, - "theme": { - "00203891-dde0-4114-b27a-219ae0b43a61": { - "_id": "00203891-dde0-4114-b27a-219ae0b43a61", - "accountFooter": " -", - "accountFooterEnabled": true, - "accountPageSections": { - "accountControls": { - "enabled": false, + { + "_id": "am.default.applications.federation.entity.providers.saml2.idp.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.idp.signing", }, - "accountSecurity": { - "enabled": true, - "subsections": { - "password": { - "enabled": true, - }, - "securityQuestions": { - "enabled": false, - }, - "twoStepVerification": { - "enabled": true, - }, - "username": { - "enabled": true, - }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.sp.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", }, + "aliases": [ + "test", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.sp.encryption", }, - "consent": { - "enabled": false, + { + "_id": "am.default.applications.federation.entity.providers.saml2.sp.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.sp.signing", }, - "oauthApplications": { - "enabled": false, + { + "_id": "am.default.authentication.modules.persistentcookie.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.default.authentication.modules.persistentcookie.encryption", }, - "personalInformation": { - "enabled": true, + { + "_id": "am.default.authentication.modules.persistentcookie.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.default.authentication.modules.persistentcookie.signing", }, - "preferences": { - "enabled": false, + { + "_id": "am.default.authentication.nodes.persistentcookie.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.default.authentication.nodes.persistentcookie.signing", }, - "social": { - "enabled": false, + { + "_id": "am.global.services.oauth2.oidc.agent.idtoken.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.global.services.oauth2.oidc.agent.idtoken.signing", }, - "trustedDevices": { - "enabled": true, + { + "_id": "am.global.services.saml2.client.storage.jwt.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.global.services.saml2.client.storage.jwt.encryption", }, - }, - "backgroundColor": "#FFFFFF", - "backgroundImage": "", - "bodyText": "#5E6D82", - "buttonRounded": "50", - "dangerColor": "#f7685b", - "favicon": "", - "isDefault": false, - "journeyFooter": " - -", - "journeyFooterEnabled": true, - "journeyHeader": "
- -
-", - "journeyHeaderEnabled": true, - "journeyJustifiedContent": "", - "journeyJustifiedContentEnabled": false, - "journeyLayout": "card", - "journeyTheaterMode": false, - "linkActiveColor": "#C60819", - "linkColor": "#EB0A1E", - "linkedTrees": [], - "logo": "", - "logoAltText": "", - "logoEnabled": true, - "logoHeight": "40", - "logoProfile": "https://cdn.forgerock.com/platform/themes/highlander/logo-highlander-full.svg", - "logoProfileAltText": "Highlander", - "logoProfileCollapsed": "https://cdn.forgerock.com/platform/themes/highlander/logo-highlander-icon.svg", - "logoProfileCollapsedAltText": "Highlander", - "logoProfileCollapsedHeight": "28", - "logoProfileHeight": "28", - "name": "Highlander", - "pageTitle": "#23282e", - "primaryColor": "#EB0A1E", - "primaryOffColor": "#C60819", - "profileBackgroundColor": "#FFFFFF", - "profileMenuHighlightColor": "#FFFFFF", - "profileMenuHoverColor": "#FFFFFF", - "profileMenuHoverTextColor": "#455469", - "profileMenuTextHighlightColor": "#EB0A1E", - "secondaryColor": "#69788b", - "textColor": "#ffffff", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Robroy.theme.json 1`] = ` -{ - "meta": Any, - "theme": { - "b82755e8-fe9a-4d27-b66b-45e37ae12345": { - "_id": "b82755e8-fe9a-4d27-b66b-45e37ae12345", - "accountFooter": " -", - "accountFooterEnabled": true, - "accountPageSections": { - "accountControls": { - "enabled": false, + { + "_id": "am.global.services.session.clientbased.encryption.AES", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "aestest", + ], + "secretId": "am.global.services.session.clientbased.encryption.AES", }, - "accountSecurity": { - "enabled": true, - "subsections": { - "password": { - "enabled": true, - }, - "securityQuestions": { - "enabled": false, - }, - "twoStepVerification": { - "enabled": true, - }, - "username": { - "enabled": true, - }, + { + "_id": "am.global.services.session.clientbased.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.global.services.session.clientbased.signing.HMAC", }, - "consent": { - "enabled": false, + { + "_id": "am.services.iot.jwt.issuer.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.iot.jwt.issuer.signing", }, - "oauthApplications": { - "enabled": false, + { + "_id": "am.services.oauth2.jwt.authenticity.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.oauth2.jwt.authenticity.signing", }, - "personalInformation": { - "enabled": true, + { + "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP", }, - "preferences": { - "enabled": false, + { + "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", }, - "social": { - "enabled": false, + { + "_id": "am.services.oauth2.oidc.decryption.RSA1.5", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA1.5", }, - "trustedDevices": { - "enabled": true, + { + "_id": "am.services.oauth2.oidc.rp.idtoken.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.rp.idtoken.encryption", }, - }, - "backgroundColor": "#FFFFFF", - "backgroundImage": "", - "bodyText": "#5E6D82", - "buttonRounded": "50", - "dangerColor": "#f7685b", - "favicon": "", - "isDefault": false, - "journeyFooter": " -", - "journeyFooterEnabled": true, - "journeyHeader": "
- -
-", - "journeyHeaderEnabled": true, - "journeyJustifiedContent": "", - "journeyJustifiedContentEnabled": true, - "journeyLayout": "justified-right", - "journeyTheaterMode": false, - "linkActiveColor": "#49871E", - "linkColor": "#5AA625", - "linkedTrees": [], - "logo": "", - "logoAltText": "", - "logoEnabled": true, - "logoHeight": "40", - "logoProfile": "data:image/svg+xml,%0A%3Csvg width='156' height='34' viewBox='0 0 156 34' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cg clip-path='url(%23clip0)'%3E%3Cpath d='M32.5539 32.5538C32.5539 32.5538 17.0796 35.6024 7.23861 25.7614C-2.60242 15.9204 0.446148 0.446137 0.446148 0.446137C0.446148 0.446137 15.9204 -2.60243 25.7614 7.23866C35.6024 17.0797 32.5539 32.5538 32.5539 32.5538Z' fill='%23C3EA21'/%3E%3Cpath d='M32.5537 32.554C32.5537 32.554 17.0795 35.6026 7.23845 25.7615C-2.60257 15.9205 0.445995 0.446289 0.445995 0.446289L32.5537 32.554Z' fill='%238ADB53'/%3E%3C/g%3E%3Cpath d='M51.053 25.38L53.186 25.11V8.964L51.161 8.586V6.939H55.076C55.418 6.939 55.796 6.93 56.21 6.912C56.624 6.894 56.939 6.876 57.155 6.858C58.091 6.786 58.865 6.75 59.477 6.75C61.331 6.75 62.816 6.939 63.932 7.317C65.048 7.695 65.858 8.271 66.362 9.045C66.866 9.819 67.118 10.836 67.118 12.096C67.118 13.338 66.785 14.49 66.119 15.552C65.453 16.614 64.49 17.343 63.23 17.739C63.95 18.045 64.589 18.603 65.147 19.413C65.705 20.223 66.299 21.276 66.929 22.572C67.379 23.454 67.721 24.093 67.955 24.489C68.207 24.867 68.45 25.083 68.684 25.137L69.575 25.407V27H64.985C64.697 27 64.391 26.712 64.067 26.136C63.761 25.542 63.356 24.615 62.852 23.355C62.258 21.879 61.745 20.727 61.313 19.899C60.881 19.071 60.422 18.558 59.936 18.36H57.155V25.11L59.639 25.38V27H51.053V25.38ZM59.639 16.713C60.665 16.713 61.466 16.344 62.042 15.606C62.618 14.868 62.906 13.761 62.906 12.285C62.906 10.971 62.618 9.999 62.042 9.369C61.484 8.739 60.512 8.424 59.126 8.424C58.622 8.424 58.19 8.451 57.83 8.505C57.488 8.541 57.263 8.559 57.155 8.559V16.659C57.371 16.695 57.893 16.713 58.721 16.713H59.639ZM70.674 19.521C70.674 17.829 71.007 16.389 71.673 15.201C72.357 14.013 73.266 13.122 74.4 12.528C75.534 11.916 76.767 11.61 78.099 11.61C80.367 11.61 82.113 12.312 83.337 13.716C84.579 15.102 85.2 16.992 85.2 19.386C85.2 21.096 84.858 22.554 84.174 23.76C83.508 24.948 82.608 25.839 81.474 26.433C80.358 27.009 79.125 27.297 77.775 27.297C75.525 27.297 73.779 26.604 72.537 25.218C71.295 23.814 70.674 21.915 70.674 19.521ZM77.991 25.542C80.025 25.542 81.042 23.58 81.042 19.656C81.042 17.604 80.799 16.047 80.313 14.985C79.827 13.905 79.035 13.365 77.937 13.365C75.849 13.365 74.805 15.327 74.805 19.251C74.805 21.303 75.057 22.869 75.561 23.949C76.083 25.011 76.893 25.542 77.991 25.542ZM86.4395 5.454L91.3805 4.86H91.4345L92.1905 5.373V13.338C92.6765 12.852 93.2705 12.447 93.9725 12.123C94.6925 11.781 95.4665 11.61 96.2945 11.61C98.0225 11.61 99.4265 12.222 100.506 13.446C101.604 14.652 102.153 16.506 102.153 19.008C102.153 20.556 101.829 21.96 101.181 23.22C100.533 24.48 99.5975 25.479 98.3735 26.217C97.1675 26.937 95.7635 27.297 94.1615 27.297C92.7395 27.297 91.5065 27.18 90.4625 26.946C89.4185 26.694 88.7525 26.469 88.4645 26.271V7.182L86.4395 6.858V5.454ZM94.8635 13.986C94.3235 13.986 93.8105 14.112 93.3245 14.364C92.8565 14.598 92.4785 14.868 92.1905 15.174V25.029C92.2985 25.227 92.5505 25.389 92.9465 25.515C93.3425 25.641 93.7925 25.704 94.2965 25.704C95.4485 25.704 96.3665 25.173 97.0505 24.111C97.7525 23.031 98.1035 21.438 98.1035 19.332C98.1035 17.514 97.8065 16.173 97.2125 15.309C96.6185 14.427 95.8355 13.986 94.8635 13.986Z' fill='black'/%3E%3Cpath d='M104.183 25.38L106.316 25.11V8.964L104.291 8.586V6.939H108.206C108.548 6.939 108.926 6.93 109.34 6.912C109.754 6.894 110.069 6.876 110.285 6.858C111.221 6.786 111.995 6.75 112.607 6.75C114.461 6.75 115.946 6.939 117.062 7.317C118.178 7.695 118.988 8.271 119.492 9.045C119.996 9.819 120.248 10.836 120.248 12.096C120.248 13.338 119.915 14.49 119.249 15.552C118.583 16.614 117.62 17.343 116.36 17.739C117.08 18.045 117.719 18.603 118.277 19.413C118.835 20.223 119.429 21.276 120.059 22.572C120.509 23.454 120.851 24.093 121.085 24.489C121.337 24.867 121.58 25.083 121.814 25.137L122.705 25.407V27H118.115C117.827 27 117.521 26.712 117.197 26.136C116.891 25.542 116.486 24.615 115.982 23.355C115.388 21.879 114.875 20.727 114.443 19.899C114.011 19.071 113.552 18.558 113.066 18.36H110.285V25.11L112.769 25.38V27H104.183V25.38ZM112.769 16.713C113.795 16.713 114.596 16.344 115.172 15.606C115.748 14.868 116.036 13.761 116.036 12.285C116.036 10.971 115.748 9.999 115.172 9.369C114.614 8.739 113.642 8.424 112.256 8.424C111.752 8.424 111.32 8.451 110.96 8.505C110.618 8.541 110.393 8.559 110.285 8.559V16.659C110.501 16.695 111.023 16.713 111.851 16.713H112.769ZM123.804 19.521C123.804 17.829 124.137 16.389 124.803 15.201C125.487 14.013 126.396 13.122 127.53 12.528C128.664 11.916 129.897 11.61 131.229 11.61C133.497 11.61 135.243 12.312 136.467 13.716C137.709 15.102 138.33 16.992 138.33 19.386C138.33 21.096 137.988 22.554 137.304 23.76C136.638 24.948 135.738 25.839 134.604 26.433C133.488 27.009 132.255 27.297 130.905 27.297C128.655 27.297 126.909 26.604 125.667 25.218C124.425 23.814 123.804 21.915 123.804 19.521ZM131.121 25.542C133.155 25.542 134.172 23.58 134.172 19.656C134.172 17.604 133.929 16.047 133.443 14.985C132.957 13.905 132.165 13.365 131.067 13.365C128.979 13.365 127.935 15.327 127.935 19.251C127.935 21.303 128.187 22.869 128.691 23.949C129.213 25.011 130.023 25.542 131.121 25.542ZM143.187 33.723C142.863 33.723 142.512 33.696 142.134 33.642C141.774 33.588 141.513 33.525 141.351 33.453V30.564C141.477 30.636 141.729 30.708 142.107 30.78C142.485 30.852 142.827 30.888 143.133 30.888C144.033 30.888 144.771 30.591 145.347 29.997C145.941 29.403 146.49 28.404 146.994 27H145.536L140.46 13.905L139.245 13.554V11.988H146.67V13.554L144.699 13.878L147.102 21.357L148.074 24.543L148.911 21.357L151.125 13.878L149.424 13.554V11.988H155.283V13.554L153.96 13.878C152.97 16.902 151.989 19.818 151.017 22.626C150.045 25.434 149.478 27.009 149.316 27.351C148.74 28.863 148.191 30.069 147.669 30.969C147.147 31.869 146.526 32.553 145.806 33.021C145.086 33.489 144.213 33.723 143.187 33.723Z' fill='%236CBE34'/%3E%3Cdefs%3E%3CclipPath id='clip0'%3E%3Crect width='33' height='33' fill='white' transform='matrix(-1 0 0 1 33 0)'/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E%0A", - "logoProfileAltText": "RobRoy", - "logoProfileCollapsed": "data:image/svg+xml,%0A%3Csvg width='33' height='33' viewBox='0 0 33 33' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cg clip-path='url(%23clip0)'%3E%3Cpath d='M32.5539 32.5538C32.5539 32.5538 17.0796 35.6024 7.23861 25.7614C-2.60242 15.9204 0.446148 0.446137 0.446148 0.446137C0.446148 0.446137 15.9204 -2.60243 25.7614 7.23866C35.6024 17.0797 32.5539 32.5538 32.5539 32.5538Z' fill='%23C3EA21'/%3E%3Cpath d='M32.5537 32.554C32.5537 32.554 17.0795 35.6026 7.23845 25.7615C-2.60257 15.9205 0.445996 0.446289 0.445996 0.446289L32.5537 32.554Z' fill='%238ADB53'/%3E%3C/g%3E%3Cdefs%3E%3CclipPath id='clip0'%3E%3Crect width='33' height='33' fill='white' transform='matrix(-1 0 0 1 33 0)'/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E%0A", - "logoProfileCollapsedAltText": "RobRoy", - "logoProfileCollapsedHeight": "28", - "logoProfileHeight": "28", - "name": "Robroy", - "pageTitle": "#23282e", - "primaryColor": "#5AA625", - "primaryOffColor": "#49871E", - "profileBackgroundColor": "#FFFFFF", - "profileMenuHighlightColor": "#FFFFFF", - "profileMenuHoverColor": "#FFFFFF", - "profileMenuHoverTextColor": "#455469", - "profileMenuTextHighlightColor": "#5AA625", - "secondaryColor": "#69788b", - "textColor": "#ffffff", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Starter-Theme.theme.json 1`] = ` -{ - "meta": Any, - "theme": { - "86ce2f64-586d-44fe-8593-b12a85aac68d": { - "_id": "86ce2f64-586d-44fe-8593-b12a85aac68d", - "accountFooter": "
© 2021 -My Company, IncPrivacy PolicyTerms & Conditions
", - "accountFooterEnabled": false, - "accountPageSections": { - "accountControls": { - "enabled": false, + { + "_id": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", }, - "accountSecurity": { - "enabled": true, - "subsections": { - "password": { - "enabled": true, - }, - "securityQuestions": { - "enabled": false, - }, - "twoStepVerification": { - "enabled": true, - }, - "username": { - "enabled": true, - }, + { + "_id": "am.services.oauth2.oidc.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", }, + "aliases": [ + "es256test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES256", }, - "consent": { - "enabled": false, + { + "_id": "am.services.oauth2.oidc.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es384test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES384", }, - "oauthApplications": { - "enabled": false, + { + "_id": "am.services.oauth2.oidc.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES512", }, - "personalInformation": { - "enabled": true, + { + "_id": "am.services.oauth2.oidc.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.oidc.signing.RSA", }, - "preferences": { - "enabled": false, + { + "_id": "am.services.oauth2.remote.consent.request.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "selfserviceenctest", + ], + "secretId": "am.services.oauth2.remote.consent.request.encryption", }, - "social": { - "enabled": false, + { + "_id": "am.services.oauth2.remote.consent.response.decryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.remote.consent.response.decryption", }, - "trustedDevices": { - "enabled": true, + { + "_id": "am.services.oauth2.remote.consent.response.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.remote.consent.response.signing.RSA", }, - }, - "backgroundColor": "#324054", - "backgroundImage": "", - "bodyText": "#23282e", - "buttonRounded": 5, - "dangerColor": "#f7685b", - "favicon": "", - "isDefault": true, - "journeyFooter": "
© 2021 -My Company, IncPrivacy PolicyTerms & Conditions
", - "journeyFooterEnabled": false, - "journeyHeader": "
Header Content
", - "journeyHeaderEnabled": false, - "journeyJustifiedContent": "", - "journeyJustifiedContentEnabled": false, - "journeyLayout": "card", - "journeyTheaterMode": false, - "linkActiveColor": "#0c85cf", - "linkColor": "#109cf1", - "linkedTrees": [], - "logo": "", - "logoAltText": "", - "logoHeight": "40", - "logoProfile": "", - "logoProfileAltText": "", - "logoProfileCollapsed": "", - "logoProfileCollapsedAltText": "", - "logoProfileCollapsedHeight": "40", - "logoProfileHeight": "40", - "name": "Starter Theme", - "pageTitle": "#23282e", - "primaryColor": "#324054", - "primaryOffColor": "#242E3C", - "profileBackgroundColor": "#f6f8fa", - "profileMenuHighlightColor": "#f3f5f8", - "profileMenuHoverColor": "#324054", - "profileMenuHoverTextColor": "#ffffff", - "profileMenuTextHighlightColor": "#455469", - "secondaryColor": "#69788b", - "textColor": "#ffffff", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5: exportAllTestDir5/realm/root-bravo/theme/Zardoz.theme.json 1`] = ` -{ - "meta": Any, - "theme": { - "4ded6d91-ceea-400a-ae3f-42209f1b0e06": { - "_id": "4ded6d91-ceea-400a-ae3f-42209f1b0e06", - "accountFooter": " -", - "accountFooterEnabled": true, - "accountPageSections": { - "accountControls": { - "enabled": false, + { + "_id": "am.services.oauth2.stateless.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es256test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES256", }, - "accountSecurity": { - "enabled": true, - "subsections": { - "password": { - "enabled": true, - }, - "securityQuestions": { - "enabled": false, - }, - "twoStepVerification": { - "enabled": true, - }, - "username": { - "enabled": true, - }, + { + "_id": "am.services.oauth2.stateless.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", }, + "aliases": [ + "es384test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES384", }, - "consent": { - "enabled": false, + { + "_id": "am.services.oauth2.stateless.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES512", }, - "oauthApplications": { - "enabled": false, + { + "_id": "am.services.oauth2.stateless.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.oauth2.stateless.signing.HMAC", }, - "personalInformation": { - "enabled": true, + { + "_id": "am.services.oauth2.stateless.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.stateless.signing.RSA", }, - "preferences": { - "enabled": false, + { + "_id": "am.services.oauth2.stateless.token.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.services.oauth2.stateless.token.encryption", }, - "social": { - "enabled": false, + { + "_id": "am.services.saml2.metadata.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.saml2.metadata.signing.RSA", }, - "trustedDevices": { - "enabled": true, + { + "_id": "am.services.uma.pct.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.services.uma.pct.encryption", }, - }, - "backgroundColor": "#FFFFFF", - "backgroundImage": "", - "bodyText": "#5E6D82", - "buttonRounded": "50", - "dangerColor": "#f7685b", - "favicon": "", - "isDefault": false, - "journeyFooter": " -", - "journeyFooterEnabled": true, - "journeyHeader": "
Header Content
", - "journeyHeaderEnabled": false, - "journeyJustifiedContent": "
-

Uptime & Performance Benchmarking Made Easy

-
- -", - "journeyJustifiedContentEnabled": true, - "journeyLayout": "justified-right", - "journeyTheaterMode": true, - "linkActiveColor": "#007661", - "linkColor": "#009C80", - "linkedTrees": [], - "logo": "https://cdn.forgerock.com/platform/themes/zardoz/logo-zardoz.svg", - "logoAltText": "Zardoz Logo", - "logoEnabled": true, - "logoHeight": "47", - "logoProfile": "https://cdn.forgerock.com/platform/themes/zardoz/logo-zardoz.svg", - "logoProfileAltText": "Zardaz Logo", - "logoProfileCollapsed": "https://cdn.forgerock.com/platform/themes/zardoz/logo-zardoz.svg", - "logoProfileCollapsedAltText": "Zardaz Logo", - "logoProfileCollapsedHeight": "28", - "logoProfileHeight": "40", - "name": "Zardoz", - "pageTitle": "#23282e", - "primaryColor": "#009C80", - "primaryOffColor": "#007661", - "profileBackgroundColor": "#FFFFFF", - "profileMenuHighlightColor": "#FFFFFF", - "profileMenuHoverColor": "#FFFFFF", - "profileMenuHoverTextColor": "#455469", - "profileMenuTextHighlightColor": "#009C80", - "secondaryColor": "#69788b", - "textColor": "#ffffff", + ], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate 1`] = `""`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/agent/AgentService.agent.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secretstore/default-passwords-store.secretstore.json 1`] = ` { - "agent": { - "AgentService": { - "_id": "AgentService", + "meta": Any, + "secretstore": { + "default-passwords-store": { + "_id": "default-passwords-store", "_type": { - "_id": "AgentService", - "collection": false, - "name": "AgentService", + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", }, + "directory": "/home/prestonhales/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authentication/global.authentication.settings.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01.server.json 1`] = ` { - "authentication": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Core", - }, - "authenticators": [ - "com.sun.identity.authentication.modules.ad.AD", - "org.forgerock.openam.authentication.modules.saml2.SAML2", - "org.forgerock.openam.authentication.modules.social.SocialAuthInstagram", - "org.forgerock.openam.authentication.modules.oath.OATH", - "org.forgerock.openam.authentication.modules.social.SocialAuthVK", - "com.sun.identity.authentication.modules.membership.Membership", - "com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO", - "org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave", - "com.sun.identity.authentication.modules.federation.Federation", - "org.forgerock.openam.authentication.modules.deviceprint.DeviceIdMatch", - "com.sun.identity.authentication.modules.jdbc.JDBC", - "com.sun.identity.authentication.modules.radius.RADIUS", - "com.sun.identity.authentication.modules.anonymous.Anonymous", - "com.sun.identity.authentication.modules.cert.Cert", - "org.forgerock.openam.authentication.modules.push.registration.AuthenticatorPushRegistration", - "com.sun.identity.authentication.modules.httpbasic.HTTPBasic", - "org.forgerock.openam.authentication.modules.oidc.OpenIdConnect", - "com.sun.identity.authentication.modules.sae.SAE", - "org.forgerock.openam.authentication.modules.social.SocialAuthWeChat", - "org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookie", - "org.forgerock.openam.authentication.modules.social.SocialAuthTwitter", - "com.sun.identity.authentication.modules.ldap.LDAP", - "org.forgerock.openam.authentication.modules.push.AuthenticatorPush", - "org.forgerock.openam.authentication.modules.oauth2.OAuth", - "com.sun.identity.authentication.modules.nt.NT", - "org.forgerock.openam.authentication.modules.social.SocialAuthWeChatMobile", - "org.forgerock.openam.authentication.modules.jwtpop.JwtProofOfPossession", - "com.sun.identity.authentication.modules.application.Application", - "org.forgerock.openam.authentication.modules.scripted.Scripted", - "org.forgerock.openam.authentication.modules.social.SocialAuthOAuth2", - "com.sun.identity.authentication.modules.hotp.HOTP", - "org.forgerock.openam.authentication.modules.adaptive.Adaptive", - "org.forgerock.openam.authentication.modules.accountactivecheck.AccountActiveCheck", - "org.forgerock.openam.authentication.modules.social.SocialAuthOpenID", - "com.sun.identity.authentication.modules.msisdn.MSISDN", - "org.forgerock.openam.authentication.modules.fr.oath.AuthenticatorOATH", - "com.sun.identity.authentication.modules.datastore.DataStore", - "com.sun.identity.authentication.modules.securid.SecurID", - "org.forgerock.openam.authentication.modules.amster.Amster", - ], - "defaults": { - "accountlockout": { - "lockoutDuration": 0, - "lockoutDurationMultiplier": 1, - "lockoutWarnUserCount": 0, - "loginFailureCount": 5, - "loginFailureDuration": 300, - "loginFailureLockoutMode": false, - "storeInvalidAttemptsInDataStore": true, - }, - "core": { - "adminAuthModule": "[Empty]", - "orgConfig": "[Empty]", - }, - "general": { - "defaultAuthLevel": 0, - "identityType": [ - "agent", - "user", - ], - "locale": "en_US", - "statelessSessionsEnabled": false, - "twoFactorRequired": false, - "userStatusCallbackPlugins": [], - }, - "postauthprocess": { - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [ - "/am/console", - ], - "userAttributeSessionMapping": [], - "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", - "usernameGeneratorEnabled": true, - }, - "security": { - "addClearSiteDataHeader": true, - "moduleBasedAuthEnabled": true, - "sharedSecret": null, - "zeroPageLoginAllowedWithoutReferrer": true, - "zeroPageLoginEnabled": false, - "zeroPageLoginReferrerWhiteList": [], - }, - "trees": { - "authenticationSessionsMaxDuration": 5, - "authenticationSessionsStateManagement": "JWT", - "authenticationSessionsWhitelist": false, - "authenticationTreeCookieHttpOnly": true, - "suspendedAuthenticationTimeout": 5, - }, - "userprofile": { - "aliasAttributeName": [], - "defaultRole": [], - "dynamicProfileCreation": "false", + "defaultProperties": { + "advanced": "file://default/advanced.default.properties.server.json", + "cts": "file://default/cts.default.properties.server.json", + "general": "file://default/general.default.properties.server.json", + "sdk": "file://default/sdk.default.properties.server.json", + "security": "file://default/security.default.properties.server.json", + "session": "file://default/session.default.properties.server.json", + "uma": "file://default/uma.default.properties.server.json", + }, + "meta": Any, + "server": { + "01": { + "_id": "01", + "properties": { + "advanced": "file://01/advanced.properties.server.json", + "cts": "file://01/cts.properties.server.json", + "directoryConfiguration": "file://01/directoryConfiguration.properties.server.json", + "general": "file://01/general.properties.server.json", + "sdk": "file://01/sdk.properties.server.json", + "security": "file://01/security.properties.server.json", + "session": "file://01/session.properties.server.json", + "uma": "file://01/uma.properties.server.json", }, + "siteName": null, + "url": "http://localhost:8080/am", }, - "keepPostProcessInstances": false, - "ldapConnectionPoolDefaultSize": "1:10", - "ldapConnectionPoolSize": [], - "remoteAuthSecurityEnabled": false, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationChains/EMPTY.authenticationChains.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/advanced.properties.server.json 1`] = ` { - "authenticationChains": { - "EMPTY": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Authentication Configuration", - }, - "dynamic": { - "authChainConfiguration": "[Empty]", - }, + "_id": "01/properties/advanced", + "bootstrap.file": "/home/prestonhales/.openamcfg/AMConfig_usr_local_tomcat_webapps_am_", + "com.iplanet.am.lbcookie.value": "01", + "com.iplanet.am.serverMode": true, + "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", + "com.sun.embedded.replicationport": "", + "com.sun.embedded.sync.servers": "on", + "com.sun.identity.common.systemtimerpool.size": "3", + "com.sun.identity.sm.sms_object_class_name": "com.sun.identity.sm.SmsWrapperObject", + "com.sun.identity.urlconnection.useCache": false, + "opensso.protocol.handler.pkgs": "", + "org.forgerock.embedded.dsadminport": "4444", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/cts.properties.server.json 1`] = ` +{ + "_id": "01/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/accountactivecheck.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/directoryConfiguration.properties.server.json 1`] = ` { - "authenticationModules": { - "accountactivecheck": { - "_id": "accountactivecheck", - "_type": { - "_id": "accountactivecheck", - "collection": false, - "name": "Account Active Check", - }, - "defaults": { - "authenticationLevel": 0, - }, + "_id": "01/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, + }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/general.properties.server.json 1`] = ` +{ + "_id": "01/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", }, }, - "meta": Any, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": false, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": false, + "value": "/home/prestonhales/am", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", + }, + }, + "amconfig.header.site": { + "singleChoiceSite": "[Empty]", + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/activedirectory.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/sdk.properties.server.json 1`] = ` { - "authenticationModules": { - "activedirectory": { - "_id": "activedirectory", - "_type": { - "_id": "activedirectory", - "collection": false, - "name": "Active Directory", - }, - "defaults": { - "authenticationLevel": 0, - "connectionHeartbeatInterval": 1, - "connectionHeartbeatTimeUnit": "MINUTES", - "openam-auth-ldap-connection-mode": "LDAP", - "operationTimeout": 0, - "primaryLdapServer": [ - "localhost:50636", - ], - "profileAttributeMappings": [], - "returnUserDN": true, - "searchScope": "SUBTREE", - "secondaryLdapServer": [], - "stopLdapbindAfterInmemoryLockedEnabled": false, - "trustAllServerCertificates": false, - "userBindDN": "cn=Directory Manager", - "userProfileRetrievalAttribute": "uid", - "userSearchAttributes": [ - "uid", - ], - "userSearchStartDN": [ - "dc=openam,dc=forgerock,dc=org", - ], - }, + "_id": "01/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": false, + "value": true, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": false, + "value": "aci,um", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": false, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/adaptiverisk.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/security.properties.server.json 1`] = ` { - "authenticationModules": { - "adaptiverisk": { - "_id": "adaptiverisk", - "_type": { - "_id": "adaptiverisk", - "collection": false, - "name": "Adaptive Risk ", - }, - "defaults": { - "attributecheck": { - "invertProfileRiskAttributeScore": false, - "profileRiskAttributeCheckEnabled": false, - "profileRiskAttributeScore": 1, - }, - "authfailed": { - "failedAuthenticationCheckEnabled": false, - "failureScore": 1, - "invertFailureScore": false, - }, - "devicecookie": { - "deviceCookieCheckEnabled": false, - "deviceCookieName": "Device", - "deviceCookieScore": 1, - "invertDeviceCookieScore": false, - "saveDeviceCookieValueOnSuccessfulLogin": false, - }, - "general": { - "authenticationLevel": 0, - "riskThreshold": 1, - }, - "geolocation": { - "geolocationCheckEnabled": false, - "geolocationScore": 1, - "invertGeolocationScore": false, - }, - "iphistory": { - "invertIPHistoryScore": false, - "ipHistoryCheckEnabled": false, - "ipHistoryCount": 5, - "ipHistoryProfileAttribute": "iphistory", - "ipHistoryScore": 1, - "saveSuccessfulIP": false, - }, - "iprange": { - "invertIPRangeScoreEnabled": false, - "ipRange": [ - "10.0.0.0/24", - ], - "ipRangeCheckEnabled": false, - "ipRangeScore": 1, - }, - "knowncookie": { - "createKnownCookieOnSuccessfulLogin": false, - "invertKnownCookieScore": false, - "knownCookieCheckEnabled": false, - "knownCookieScore": 1, - }, - "lastlogin": { - "invertTimeSinceLastLoginScore": false, - "saveLastLoginTimeOnSuccessfulLogin": false, - "timeSinceLastLoginCheckEnabled": false, - "timeSinceLastLoginScore": 1, - }, - "requestheader": { - "invertRequestHeaderScore": false, - "requestHeaderCheckEnabled": false, - "requestHeaderScore": 1, - }, - }, + "_id": "01/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": false, + "value": "efSYcwIhr7uKH30rgciGTVTFzb63LhYu", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, + "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/amster.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/session.properties.server.json 1`] = ` { - "authenticationModules": { - "amster": { - "_id": "amster", - "_type": { - "_id": "amster", - "collection": false, - "name": "ForgeRock Amster", - }, - "defaults": { - "authenticationLevel": 0, - "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", - "enabled": true, - }, + "_id": "01/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/anonymous.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/uma.properties.server.json 1`] = ` { - "authenticationModules": { - "anonymous": { - "_id": "anonymous", - "_type": { - "_id": "anonymous", - "collection": false, - "name": "Anonymous", - }, - "defaults": { - "authenticationLevel": 0, - "caseSensitiveUsernameMatchingEnabled": false, - "defaultAnonymousUsername": "anonymous", - "validAnonymousUsers": [], - }, + "_id": "01/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authJwtPoP.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "authJwtPoP": { - "_id": "authJwtPoP", - "_type": { - "_id": "authJwtPoP", - "collection": false, - "name": "JWT Proof of Possession (PoP)", - }, - "defaults": { - "authenticationLevel": 0, - "enableTlsSessionBinding": true, - "responseEncryptionCipher": "A128GCM", - "responseEncryptionMethod": "ECDHE", - }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authPush.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03.server.json 1`] = ` { - "authenticationModules": { - "authPush": { - "_id": "authPush", - "_type": { - "_id": "authPush", - "collection": false, - "name": "ForgeRock Authenticator (Push)", - }, - "defaults": { - "authenticationLevel": 0, - "pushMessage": "Login attempt from {{user}} at {{issuer}}", - "timeoutInMilliSecconds": 120000, - }, - }, + "defaultProperties": { + "advanced": "file://default/advanced.default.properties.server.json", + "cts": "file://default/cts.default.properties.server.json", + "general": "file://default/general.default.properties.server.json", + "sdk": "file://default/sdk.default.properties.server.json", + "security": "file://default/security.default.properties.server.json", + "session": "file://default/session.default.properties.server.json", + "uma": "file://default/uma.default.properties.server.json", }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authPushReg.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "authPushReg": { - "_id": "authPushReg", - "_type": { - "_id": "authPushReg", - "collection": false, - "name": "ForgeRock Authenticator (Push) Registration", - }, - "defaults": { - "appleLink": "https://itunes.apple.com/app/forgerock-authenticator/id1038442926", - "authenticationLevel": 0, - "bgcolour": "#519387", - "googleLink": "https://play.google.com/store/apps/details?id=com.forgerock.authenticator", - "issuer": "ForgeRock", - "timeoutInMilliSecconds": 120000, + "server": { + "03": { + "_id": "03", + "properties": { + "advanced": "file://03/advanced.properties.server.json", + "cts": "file://03/cts.properties.server.json", + "directoryConfiguration": "file://03/directoryConfiguration.properties.server.json", + "general": "file://03/general.properties.server.json", + "sdk": "file://03/sdk.properties.server.json", + "security": "file://03/security.properties.server.json", + "session": "file://03/session.properties.server.json", + "uma": "file://03/uma.properties.server.json", }, + "siteName": "testsite", + "url": "http://localhost:8081/am", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSaml.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/advanced.properties.server.json 1`] = ` { - "authenticationModules": { - "authSaml": { - "_id": "authSaml", - "_type": { - "_id": "authSaml", - "collection": false, - "name": "SAML2", - }, - "defaults": { - "allowCreate": "true", - "authComparison": "exact", - "authenticationLevel": 0, - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", - "entityName": "http://", - "forceAuthn": "false", - "isPassive": "false", - "metaAlias": "/sp", - "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "reqBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "sloEnabled": "false", - "sloRelay": "http://", - }, - }, - }, - "meta": Any, + "_id": "03/properties/advanced", + "com.iplanet.am.lbcookie.value": "03", } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialInstagram.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/cts.properties.server.json 1`] = ` { - "authenticationModules": { - "authSocialInstagram": { - "_id": "authSocialInstagram", - "_type": { - "_id": "authSocialInstagram", - "collection": false, - "name": "Social Auth Instagram", - }, - "defaults": { - "accountProvisioning": { - "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|instagram-", - "accountMapperConfiguration": [ - "id=uid", - ], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [ - "id=uid", - "full_name=sn", - "username=cn", - "username=givenName", - ], - "attributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|instagram-", - ], - "createAccount": true, - "enableRegistrationService": false, - "mapToAnonymousUser": false, - "saveAttributesInSession": true, - }, - "core": { - "authenticationLevel": 0, - "authorizeEndpoint": "https://api.instagram.com/oauth/authorize", - "logoutBehaviour": "prompt", - "logoutServiceUrl": "https://instagram.com/accounts/logout", - "provider": "Instagram", - "scope": [ - "basic", - ], - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "subjectProperty": "id", - "tokenEndpoint": "https://api.instagram.com/oauth/access_token", - "userInfoEndpoint": "https://api.instagram.com/v1/users/self", - "usesBasicAuth": false, - }, - }, + "_id": "03/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialOAuth2.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "authSocialOAuth2": { - "_id": "authSocialOAuth2", - "_type": { - "_id": "authSocialOAuth2", - "collection": false, - "name": "Social Auth OAuth2", - }, - "defaults": { - "accountProvisioning": { - "accountMapperConfiguration": [], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [], - "attributeMappingClasses": [], - "createAccount": true, - "enableRegistrationService": false, - "mapToAnonymousUser": false, - "promptPasswordFlag": false, - "saveAttributesInSession": true, - }, - "core": { - "authenticationLevel": 0, - "logoutBehaviour": "prompt", - "mixUpMitigation": false, - "scope": [], - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "usesBasicAuth": true, - }, - "emailSettings": { - "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", - "smtpHost": "localhost", - "smtpPort": "25", - }, - }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialOpenID.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "authSocialOpenID": { - "_id": "authSocialOpenID", - "_type": { - "_id": "authSocialOpenID", - "collection": false, - "name": "Social Auth OpenID", - }, - "defaults": { - "accountProvisioning": { - "accountMapperConfiguration": [], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [], - "attributeMappingClasses": [], - "createAccount": true, - "enableRegistrationService": false, - "mapToAnonymousUser": false, - "promptPasswordFlag": false, - "saveAttributesInSession": true, - }, - "core": { - "authenticationLevel": 0, - "logoutBehaviour": "prompt", - "mixUpMitigation": false, - "scope": [ - "openid", - ], - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "usesBasicAuth": true, - }, - "emailSettings": { - "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", - "smtpHost": "localhost", - "smtpPort": "25", - }, - }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialTwitter.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "authSocialTwitter": { - "_id": "authSocialTwitter", - "_type": { - "_id": "authSocialTwitter", - "collection": false, - "name": "Social Auth Twitter", - }, - "defaults": { - "accountProvisioning": { - "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|twitter-", - "accountMapperConfiguration": [ - "id_str=uid", - ], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [ - "full_name=sn", - "username=cn", - "id_str=uid", - "username=givenName", - ], - "attributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|twitter-", - ], - "createAccount": true, - "enableRegistrationService": false, - "mapToAnonymousUser": false, - "saveAttributesInSession": true, - }, - "core": { - "authenticationLevel": 0, - "authorizeEndpoint": "https://api.twitter.com/oauth/authenticate", - "provider": "Twitter", - "requestTokenEndpoint": "https://api.twitter.com/oauth/request_token", - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "subjectProperty": "id_str", - "tokenEndpoint": "https://api.twitter.com/oauth/access_token", - "userInfoEndpoint": "https://api.twitter.com/1.1/account/verify_credentials.json", - "usesBasicAuth": false, - }, - }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialVk.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/directoryConfiguration.properties.server.json 1`] = ` { - "authenticationModules": { - "authSocialVk": { - "_id": "authSocialVk", - "_type": { - "_id": "authSocialVk", - "collection": false, - "name": "Social Auth VKontakte", - }, - "defaults": { - "accountProvisioning": { - "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|vkontakte-", - "accountMapperConfiguration": [ - "id=uid", - ], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [ - "first_name=givenName", - "first_name=cn", - "id=uid", - "last_name=sn", - "email=mail", - ], - "attributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|vkontakte-", - ], - "createAccount": true, - "enableRegistrationService": false, - "mapToAnonymousUser": false, - "promptPasswordFlag": false, - "saveAttributesInSession": true, - }, - "core": { - "apiVersion": "5.73", - "authorizeEndpoint": "https://oauth.vk.com/authorize", - "forgerock-am-auth-socialauthvk-auth-level": 0, - "provider": "VKontakte", - "scope": [ - "email", - ], - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "subjectProperty": "id", - "tokenEndpoint": "https://oauth.vk.com/access_token", - "userInfoEndpoint": "https://api.vk.com/method/users.get", - }, - "emailSettings": { - "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", - "smtpHost": "localhost", - "smtpPort": "25", - }, - }, - }, + "_id": "03/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, }, - "meta": Any, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialWeChat.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/general.properties.server.json 1`] = ` { - "authenticationModules": { - "authSocialWeChat": { - "_id": "authSocialWeChat", - "_type": { - "_id": "authSocialWeChat", - "collection": false, - "name": "Social Auth WeChat", - }, - "defaults": { - "accountProvisioning": { - "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|wechat-", - "accountMapperConfiguration": [ - "openid=uid", - ], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [ - "nickname=givenName", - "openid=uid", - "nickname=cn", - "nickname=sn", - ], - "attributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|wechat-", - ], - "createAccount": true, - "enableRegistrationService": false, - "mapToAnonymousUser": false, - "promptPasswordFlag": false, - "saveAttributesInSession": true, - }, - "core": { - "authenticationLevel": 0, - "authorizeEndpoint": "https://open.weixin.qq.com/connect/qrconnect", - "provider": "WeChat", - "scope": [ - "snsapi_login", - ], - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "subjectProperty": "openid", - "tokenEndpoint": "https://api.wechat.com/sns/oauth2/access_token", - "userInfoEndpoint": "https://api.wechat.com/sns/userinfo", - "usesBasicAuth": false, - }, - "emailSettings": { - "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", - "smtpHost": "localhost", - "smtpPort": "25", - }, - }, + "_id": "03/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authSocialWeChatMobile.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "authSocialWeChatMobile": { - "_id": "authSocialWeChatMobile", - "_type": { - "_id": "authSocialWeChatMobile", - "collection": false, - "name": "Social Auth WeChat Mobile", - }, - "defaults": { - "accountProvisioning": { - "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|wechat-", - "accountMapperConfiguration": [ - "openid=uid", - ], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [ - "nickname=givenName", - "openid=uid", - "nickname=cn", - "nickname=sn", - ], - "attributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|wechat-", - ], - "createAccount": true, - "enableRegistrationService": false, - "mapToAnonymousUser": false, - "promptPasswordFlag": false, - "saveAttributesInSession": true, - }, - "core": { - "authenticationLevel": 0, - "provider": "WeChat", - "scope": [ - "snsapi_userinfo", - ], - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "subjectProperty": "openid", - "userInfoEndpoint": "https://api.wechat.com/sns/userinfo", - }, - "emailSettings": { - "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", - "smtpHost": "localhost", - "smtpPort": "25", - }, - }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": true, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": true, + "value": "%BASE_DIR%", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/authenticatoroath.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "authenticatoroath": { - "_id": "authenticatoroath", - "_type": { - "_id": "authenticatoroath", - "collection": false, - "name": "ForgeRock Authenticator (OATH)", - }, - "defaults": { - "addChecksumToOtpEnabled": "False", - "authenticationLevel": 0, - "frOathOtpMaxRetry": 3, - "hotpWindowSize": 100, - "minimumSecretKeyLength": 32, - "oathAlgorithm": "HOTP", - "passwordLength": "6", - "totpMaximumClockDrift": 5, - "totpTimeStepInterval": 30, - "totpTimeStepsInWindow": 2, - "truncationOffset": -1, - }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", }, }, - "meta": Any, + "amconfig.header.site": { + "singleChoiceSite": "testsite", + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/certificate.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/sdk.properties.server.json 1`] = ` { - "authenticationModules": { - "certificate": { - "_id": "certificate", - "_type": { - "_id": "certificate", - "collection": false, - "name": "Certificate", - }, - "defaults": { - "authenticationLevel": 0, - "cacheCRLsInMemory": true, - "certificateAttributeProfileMappingExtension": "none", - "certificateAttributeToProfileMapping": "subject CN", - "certificateLdapServers": [ - "localhost:50636", - ], - "crlMatchingCertificateAttribute": "CN", - "iplanet-am-auth-cert-gw-cert-preferred": false, - "ldapCertificateAttribute": "CN", - "ldapSearchStartDN": [], - "matchCACertificateToCRL": false, - "matchCertificateInLdap": false, - "matchCertificateToCRL": false, - "ocspValidationEnabled": false, - "sslEnabled": false, - "trustedRemoteHosts": [ - "none", - ], - "updateCRLsFromDistributionPoint": true, - "userBindDN": "cn=Directory Manager", - }, + "_id": "03/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/datastore.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "datastore": { - "_id": "datastore", - "_type": { - "_id": "datastore", - "collection": false, - "name": "Data Store", - }, - "defaults": { - "authenticationLevel": 0, - }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": true, + "value": false, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/deviceidmatch.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "deviceidmatch": { - "_id": "deviceidmatch", - "_type": { - "_id": "deviceidmatch", - "collection": false, - "name": "Device Id (Match)", - }, - "defaults": { - "authenticationLevel": 0, - "clientScript": "157298c0-7d31-4059-a95b-eeb08473b7e5", - "clientScriptEnabled": true, - "serverScript": "703dab1a-1921-4981-98dd-b8e5349d8548", - }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": true, + "value": "aci,um,sm", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/deviceidsave.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "deviceidsave": { - "_id": "deviceidsave", - "_type": { - "_id": "deviceidsave", - "collection": false, - "name": "Device Id (Save)", - }, - "defaults": { - "authenticationLevel": 0, - "autoStoreProfiles": false, - "maxProfilesAllowed": 5, - }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/federation.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "federation": { - "_id": "federation", - "_type": { - "_id": "federation", - "collection": false, - "name": "Federation", - }, - "defaults": { - "authenticationLevel": 0, - }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/hotp.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/security.properties.server.json 1`] = ` { - "authenticationModules": { - "hotp": { - "_id": "hotp", - "_type": { - "_id": "hotp", - "collection": false, - "name": "HOTP", - }, - "defaults": { - "authenticationLevel": 0, - "autoSendOTP": false, - "otpDeliveryMethod": "SMS and E-mail", - "otpLength": "8", - "otpMaxRetry": 3, - "otpValidityDuration": 5, - "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "smtpFromAddress": "no-reply@openam.org", - "smtpHostPort": 465, - "smtpHostname": "smtp.gmail.com", - "smtpSslEnabled": "SSL", - "smtpUserPassword": null, - "smtpUsername": "opensso.sun", - "userProfileEmailAttribute": "mail", - "userProfileTelephoneAttribute": "telephoneNumber", - }, + "_id": "03/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/httpbasic.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "httpbasic": { - "_id": "httpbasic", - "_type": { - "_id": "httpbasic", - "collection": false, - "name": "HTTP Basic", - }, - "defaults": { - "authenticationLevel": 0, - }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/jdbc.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "jdbc": { - "_id": "jdbc", - "_type": { - "_id": "jdbc", - "collection": false, - "name": "JDBC", - }, - "defaults": { - "authenticationLevel": 0, - "connectionPoolJndiName": "java:comp/env/jdbc/samplePool", - "connectionType": "JNDI", - "jdbcDriver": "com.mysql.jdbc.Driver", - "jdbcUrl": "jdbc:mysql://127.0.0.1:3306/test", - "password": null, - "passwordColumn": "PASSWORD_COLUMN", - "passwordStatement": "select PASSWORD_COLUMN from TABLE where USERNAME_COLUMN = ?", - "passwordTransformClass": "com.sun.identity.authentication.modules.jdbc.ClearTextTransform", - "username": "root", - }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/ldap.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "ldap": { - "_id": "ldap", - "_type": { - "_id": "ldap", - "collection": false, - "name": "LDAP", - }, - "defaults": { - "authenticationLevel": 0, - "beheraPasswordPolicySupportEnabled": true, - "connectionHeartbeatInterval": 10, - "connectionHeartbeatTimeUnit": "SECONDS", - "minimumPasswordLength": "8", - "openam-auth-ldap-connection-mode": "LDAP", - "operationTimeout": 0, - "primaryLdapServer": [ - "localhost:50636", - ], - "profileAttributeMappings": [], - "returnUserDN": true, - "searchScope": "SUBTREE", - "secondaryLdapServer": [], - "stopLdapbindAfterInmemoryLockedEnabled": false, - "trustAllServerCertificates": false, - "userBindDN": "cn=Directory Manager", - "userProfileRetrievalAttribute": "uid", - "userSearchAttributes": [ - "uid", - ], - "userSearchStartDN": [ - "dc=openam,dc=forgerock,dc=org", - ], - }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": true, + "value": "@AM_ENC_PWD@", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, + "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/membership.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "membership": { - "_id": "membership", - "_type": { - "_id": "membership", - "collection": false, - "name": "Membership", - }, - "defaults": { - "authenticationLevel": 0, - "defaultUserRoles": [], - "defaultUserStatus": "Active", - "minimumPasswordLength": 8, - }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/msisdn.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "msisdn": { - "_id": "msisdn", - "_type": { - "_id": "msisdn", - "collection": false, - "name": "MSISDN", - }, - "defaults": { - "authenticationLevel": 0, - "baseSearchDN": [ - "dc=openam,dc=forgerock,dc=org", - ], - "ldapProviderUrl": [ - "localhost:50636", - ], - "ldapSslEnabled": false, - "ldapUserBindDN": "cn=Directory Manager", - "msisdnParameterNames": [], - "msisdnRequestSearchLocations": [ - "searchRequest", - "searchParam", - "searchCookie", - ], - "msisdnUserNamingAttribute": "uid", - "returnUserDN": true, - "trustedGatewayIPAddresses": [], - "userProfileMsisdnAttribute": "sunIdentityMSISDNNumber", - }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/oath.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "oath": { - "_id": "oath", - "_type": { - "_id": "oath", - "collection": false, - "name": "OATH", - }, - "defaults": { - "addChecksum": "False", - "authenticationLevel": 0, - "forgerock-oath-maximum-clock-drift": 0, - "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", - "hotpWindowSize": 100, - "minimumSecretKeyLength": "32", - "oathAlgorithm": "HOTP", - "oathOtpMaxRetry": 3, - "passwordLength": "6", - "stepsInWindow": 2, - "timeStepSize": 30, - "truncationOffset": -1, - }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/oauth2.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/session.properties.server.json 1`] = ` { - "authenticationModules": { - "oauth2": { - "_id": "oauth2", - "_type": { - "_id": "oauth2", - "collection": false, - "name": "Legacy OAuth 2.0 / OpenID Connect", - }, - "defaults": { - "accessTokenEndpointUrl": "https://graph.facebook.com/oauth/access_token", - "accessTokenParameterName": "access_token", - "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper", - "accountMapperConfiguration": [ - "id=facebook-id", - "email=mail", - ], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "anonymousUserName": "anonymous", - "attributeMapperConfiguration": [ - "first_name=givenname", - "id=facebook-id", - "email=facebook-email", - "last_name=facebook-lname", - "first_name=facebook-fname", - "name=cn", - "email=mail", - "last_name=sn", - ], - "attributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper", - ], - "authenticationEndpointUrl": "https://www.facebook.com/dialog/oauth", - "authenticationLevel": 0, - "createAccount": true, - "logoutBehaviour": "prompt", - "mailGatewayClass": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", - "mapToAnonymousUser": false, - "mixUpMitigation": false, - "promptForPassword": true, - "saveAttributesInSession": true, - "scope": "email,read_stream", - "smtpFromAddress": "info@forgerock.com", - "smtpHostName": "localhost", - "smtpHostPort": "25", - "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", - "userProfileServiceUrl": "https://graph.facebook.com/me", - }, + "_id": "03/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/openidconnect.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "openidconnect": { - "_id": "openidconnect", - "_type": { - "_id": "openidconnect", - "collection": false, - "name": "OpenID Connect id_token bearer", - }, - "defaults": { - "acceptedAuthorizedParties": [ - "http://www.example.com/authorized/party", - "AuthorizedPartyExample", - ], - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "audienceName": "example", - "cryptoContextType": ".well-known/openid-configuration_url", - "cryptoContextValue": "https://accounts.google.com/.well-known/openid-configuration", - "idTokenHeaderName": "oidc_id_token", - "idTokenIssuer": "accounts.google.com", - "jwtToLdapAttributeMappings": [ - "sub=uid", - "email=mail", - ], - "principalMapperClass": "org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper", - "useSubClaimIfNoMatch": false, - }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/persistentcookie.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "persistentcookie": { - "_id": "persistentcookie", - "_type": { - "_id": "persistentcookie", - "collection": false, - "name": "Persistent Cookie", - }, - "defaults": { - "cookieName": "session-jwt", - "enforceClientIP": false, - "idleTimeout": 5, - "maxLife": 5, - "useHttpOnlyCookie": true, - "useSecureCookie": true, - }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/radius.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "radius": { - "_id": "radius", - "_type": { - "_id": "radius", - "collection": false, - "name": "RADIUS", - }, - "defaults": { - "authenticationLevel": 0, - "healthCheckInterval": 5, - "primaryRadiusServers": [ - "127.0.0.1", - ], - "secondaryRadiusServers": [ - "127.0.0.1", - ], - "serverPortNumber": 1645, - "serverTimeout": 3, - "stopRadiusbindAfterInmemoryLockedEnabled": false, - }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/sae.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/uma.properties.server.json 1`] = ` { - "authenticationModules": { - "sae": { - "_id": "sae", - "_type": { - "_id": "sae", - "collection": false, - "name": "SAE", - }, - "defaults": { - "authenticationLevel": 0, - }, + "_id": "03/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/scripted.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "scripted": { - "_id": "scripted", - "_type": { - "_id": "scripted", - "collection": false, - "name": "Scripted Module", - }, - "defaults": { - "authenticationLevel": 1, - "clientScript": "[Empty]", - "clientScriptEnabled": true, - "serverScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", - }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/securid.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "securid": { - "_id": "securid", - "_type": { - "_id": "securid", - "collection": false, - "name": "SecurID", - }, - "defaults": { - "authenticationLevel": 0, - "serverConfigPath": "/home/prestonhales/am/config/auth/ace/data", - }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/windowsdesktopsso.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "windowsdesktopsso": { - "_id": "windowsdesktopsso", - "_type": { - "_id": "windowsdesktopsso", - "collection": false, - "name": "Windows Desktop SSO", - }, - "defaults": { - "authenticationLevel": 0, - "kerberosServiceIsinitiator": true, - "lookupUserInRealm": false, - "returnPrincipalWithDomainName": false, - "trustedKerberosRealms": [], - }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationModules/windowsnt.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04.server.json 1`] = ` { - "authenticationModules": { - "windowsnt": { - "_id": "windowsnt", - "_type": { - "_id": "windowsnt", - "collection": false, - "name": "Windows NT", - }, - "defaults": { - "authenticationLevel": 0, + "defaultProperties": { + "advanced": "file://default/advanced.default.properties.server.json", + "cts": "file://default/cts.default.properties.server.json", + "general": "file://default/general.default.properties.server.json", + "sdk": "file://default/sdk.default.properties.server.json", + "security": "file://default/security.default.properties.server.json", + "session": "file://default/session.default.properties.server.json", + "uma": "file://default/uma.default.properties.server.json", + }, + "meta": Any, + "server": { + "04": { + "_id": "04", + "properties": { + "advanced": "file://04/advanced.properties.server.json", + "cts": "file://04/cts.properties.server.json", + "directoryConfiguration": "file://04/directoryConfiguration.properties.server.json", + "general": "file://04/general.properties.server.json", + "sdk": "file://04/sdk.properties.server.json", + "security": "file://04/security.properties.server.json", + "session": "file://04/session.properties.server.json", + "uma": "file://04/uma.properties.server.json", }, + "siteName": null, + "url": "http://localhost:8082/am", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/authenticationTreesConfiguration/EMPTY.authenticationTreesConfiguration.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/advanced.properties.server.json 1`] = ` { - "authenticationTreesConfiguration": { - "EMPTY": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Authentication Trees Configuration", - }, - }, - }, - "meta": Any, + "_id": "04/properties/advanced", + "com.iplanet.am.lbcookie.value": "04", } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/realm/first.realm.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/cts.properties.server.json 1`] = ` { - "meta": Any, - "realm": { - "L2ZpcnN0": { - "_id": "L2ZpcnN0", - "active": true, - "aliases": [ - "one", - "dnsfirst", - ], - "name": "first", - "parentPath": "/", + "_id": "04/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/realm/firstsecond.realm.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/directoryConfiguration.properties.server.json 1`] = ` { - "meta": Any, - "realm": { - "L2ZpcnN0L3NlY29uZA": { - "_id": "L2ZpcnN0L3NlY29uZA", - "active": false, - "aliases": [ - "secondDNS", - "second", - ], - "name": "second", - "parentPath": "/first", - }, + "_id": "04/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/realm/root.realm.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/general.properties.server.json 1`] = ` { - "meta": Any, - "realm": { - "Lw": { - "_id": "Lw", - "active": true, - "aliases": [ - "localhost", - "openam-frodo-dev.classic.com", - "openam", - "testurl.com", - ], - "name": "/", - "parentPath": "", + "_id": "04/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", + }, + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": true, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": true, + "value": "%BASE_DIR%", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", }, }, + "amconfig.header.site": { + "singleChoiceSite": "[Empty]", + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/AUTHENTICATION_CLIENT_SIDE.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/sdk.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "AUTHENTICATION_CLIENT_SIDE": { - "_id": "AUTHENTICATION_CLIENT_SIDE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "AUTHENTICATION_CLIENT_SIDE", - "allowLists": {}, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "[Empty]", - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "_id": "04/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": true, + "value": false, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": true, + "value": "aci,um,sm", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/AUTHENTICATION_SERVER_SIDE.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/security.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "AUTHENTICATION_SERVER_SIDE": { - "_id": "AUTHENTICATION_SERVER_SIDE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "AUTHENTICATION_SERVER_SIDE", - "allowLists": { - "1.0": [ - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.ArrayList$Itr", - "java.util.ArrayList", - "java.util.HashMap$KeyIterator", - "java.util.HashMap", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - "2.0": [ - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.ArrayList$Itr", - "java.util.ArrayList", - "java.util.HashMap$KeyIterator", - "java.util.HashMap", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.ArrayList$Itr", - "java.util.ArrayList", - "java.util.HashMap$KeyIterator", - "java.util.HashMap", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.openam.authentication.modules.scripted.*", - "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "_id": "04/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": true, + "value": "@AM_ENC_PWD@", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, + "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/AUTHENTICATION_TREE_DECISION_NODE.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/session.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "AUTHENTICATION_TREE_DECISION_NODE": { - "_id": "AUTHENTICATION_TREE_DECISION_NODE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "AUTHENTICATION_TREE_DECISION_NODE", - "allowLists": { - "1.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.Collections$*", - "java.util.concurrent.TimeUnit", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "java.util.HashSet", - "java.util.HashMap", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.InvalidKeySpecException", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.shared.debug.Debug", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.Client", - "org.forgerock.http.Handler", - "org.forgerock.http.Context", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "groovy.json.JsonSlurper", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "org.mozilla.javascript.ConsString", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - "2.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.concurrent.TimeUnit", - "java.util.Collections$*", - "java.util.HashSet", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "org.mozilla.javascript.ConsString", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "ch.qos.logback.classic.Logger", - "org.forgerock.util.promise.Promises$*", - "com.sun.proxy.$*", - "java.util.Date", - "java.security.spec.InvalidKeySpecException", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - "2.0", - ], - }, - }, - "defaultScript": "01e1a3c0-038b-4c16-956a-6c9d89328cff", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.Collections$*", - "java.util.concurrent.TimeUnit", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "java.util.HashSet", - "java.util.HashMap", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.InvalidKeySpecException", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.shared.debug.Debug", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.Client", - "org.forgerock.http.Handler", - "org.forgerock.http.Context", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "groovy.json.JsonSlurper", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "org.mozilla.javascript.ConsString", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "_id": "04/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/CONFIG_PROVIDER_NODE.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/uma.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "CONFIG_PROVIDER_NODE": { - "_id": "CONFIG_PROVIDER_NODE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "CONFIG_PROVIDER_NODE", - "allowLists": { - "1.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.Collections$*", - "java.util.concurrent.TimeUnit", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "java.util.HashSet", - "java.util.HashMap", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.InvalidKeySpecException", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.shared.debug.Debug", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.Client", - "org.forgerock.http.Handler", - "org.forgerock.http.Context", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "groovy.json.JsonSlurper", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "org.mozilla.javascript.ConsString", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - "2.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.Collections$*", - "java.util.concurrent.TimeUnit", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "java.util.HashSet", - "java.util.HashMap", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.InvalidKeySpecException", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.shared.debug.Debug", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.Client", - "org.forgerock.http.Handler", - "org.forgerock.http.Context", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "groovy.json.JsonSlurper", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "org.mozilla.javascript.ConsString", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "5e854779-6ec1-4c39-aeba-0477e0986646", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$*", - "java.util.ArrayList", - "java.util.Collections", - "java.util.Collections$*", - "java.util.concurrent.TimeUnit", - "java.util.concurrent.ExecutionException", - "java.util.concurrent.TimeoutException", - "java.util.HashSet", - "java.util.HashMap", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.security.KeyPair", - "java.security.KeyPairGenerator", - "java.security.KeyPairGenerator$*", - "java.security.PrivateKey", - "java.security.PublicKey", - "java.security.spec.InvalidKeySpecException", - "java.security.spec.X509EncodedKeySpec", - "java.security.spec.MGF1ParameterSpec", - "javax.crypto.SecretKeyFactory", - "javax.crypto.spec.OAEPParameterSpec", - "javax.crypto.spec.PBEKeySpec", - "javax.crypto.spec.PSource", - "javax.crypto.spec.PSource$*", - "javax.security.auth.callback.NameCallback", - "javax.security.auth.callback.PasswordCallback", - "javax.security.auth.callback.ChoiceCallback", - "javax.security.auth.callback.ConfirmationCallback", - "javax.security.auth.callback.LanguageCallback", - "javax.security.auth.callback.TextInputCallback", - "javax.security.auth.callback.TextOutputCallback", - "com.sun.crypto.provider.PBKDF2KeyImpl", - "com.sun.identity.authentication.callbacks.HiddenValueCallback", - "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", - "com.sun.identity.authentication.spi.HttpCallback", - "com.sun.identity.authentication.spi.MetadataCallback", - "com.sun.identity.authentication.spi.RedirectCallback", - "com.sun.identity.authentication.spi.X509CertificateCallback", - "com.sun.identity.shared.debug.Debug", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.Client", - "org.forgerock.http.Handler", - "org.forgerock.http.Context", - "org.forgerock.http.context.RootContext", - "org.forgerock.http.protocol.Cookie", - "org.forgerock.http.header.*", - "org.forgerock.http.header.authorization.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.json.JsonValue", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.auth.node.api.Action", - "org.forgerock.openam.auth.node.api.Action$ActionBuilder", - "org.forgerock.openam.authentication.callbacks.IdPCallback", - "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", - "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", - "org.forgerock.openam.core.rest.authn.callbackhandlers.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "groovy.json.JsonSlurper", - "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", - "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.scripting.api.secrets.Secret", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openam.auth.node.api.NodeState", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "org.mozilla.javascript.ConsString", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", - "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "_id": "04/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/LIBRARY.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/advanced.default.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "LIBRARY": { - "_id": "LIBRARY", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "LIBRARY", - "allowLists": { - "1.0": [ - "java.lang.Float", - "org.forgerock.http.protocol.Header", - "java.lang.Integer", - "org.forgerock.http.Client", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Long", - "java.lang.Short", - "java.util.Map", - "org.forgerock.http.client.*", - "java.lang.Math", - "org.forgerock.opendj.ldap.Dn", - "java.lang.Byte", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.lang.StrictMath", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.http.Context", - "java.lang.Void", - "org.codehaus.groovy.runtime.GStringImpl", - "groovy.json.JsonSlurper", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.context.RootContext", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.List", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Responses", - "org.forgerock.util.promise.Promise", - "java.util.HashMap$KeyIterator", - "com.sun.identity.shared.debug.Debug", - "java.lang.Double", - "org.forgerock.http.protocol.Headers", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.http.protocol.Status", - "java.util.HashMap", - "java.lang.Character$Subset", - "java.util.TreeSet", - "java.util.ArrayList", - "java.util.HashSet", - "java.util.LinkedHashMap", - "org.forgerock.http.protocol.ResponseException", - "java.util.Collections$UnmodifiableRandomAccessList", - "org.forgerock.http.protocol.Message", - "java.lang.Boolean", - "java.lang.String", - "java.lang.Number", - "java.util.LinkedList", - "java.util.LinkedHashSet", - "org.forgerock.http.protocol.Response", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.TreeMap", - "java.util.Collections$EmptyList", - "org.forgerock.openam.scripting.api.ScriptedSession", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.http.Handler", - "java.lang.Object", - "org.forgerock.http.protocol.Form", - "jdk.proxy*", - ], - "2.0": [ - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "JAVASCRIPT": [ - "2.0", - ], - }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.lang.Class", - "java.security.AccessController", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Float", - "org.forgerock.http.protocol.Header", - "java.lang.Integer", - "org.forgerock.http.Client", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Long", - "java.lang.Short", - "java.util.Map", - "org.forgerock.http.client.*", - "java.lang.Math", - "org.forgerock.opendj.ldap.Dn", - "java.lang.Byte", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "java.lang.StrictMath", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.http.Context", - "java.lang.Void", - "org.codehaus.groovy.runtime.GStringImpl", - "groovy.json.JsonSlurper", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.context.RootContext", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "java.util.List", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Responses", - "org.forgerock.util.promise.Promise", - "java.util.HashMap$KeyIterator", - "com.sun.identity.shared.debug.Debug", - "java.lang.Double", - "org.forgerock.http.protocol.Headers", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.http.protocol.Status", - "java.util.HashMap", - "java.lang.Character$Subset", - "java.util.TreeSet", - "java.util.ArrayList", - "java.util.HashSet", - "java.util.LinkedHashMap", - "org.forgerock.http.protocol.ResponseException", - "java.util.Collections$UnmodifiableRandomAccessList", - "org.forgerock.http.protocol.Message", - "java.lang.Boolean", - "java.lang.String", - "java.lang.Number", - "java.util.LinkedList", - "java.util.LinkedHashSet", - "org.forgerock.http.protocol.Response", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.TreeMap", - "java.util.Collections$EmptyList", - "org.forgerock.openam.scripting.api.ScriptedSession", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.http.Handler", - "java.lang.Object", - "org.forgerock.http.protocol.Form", - ], - }, - "languages": [ - "JAVASCRIPT", - ], - }, + "_id": "null/properties/advanced", + "com.iplanet.am.buildDate": "2024-March-28 16:00", + "com.iplanet.am.buildRevision": "89116d59a1ebe73ed1931dd3649adb7f217cd06b", + "com.iplanet.am.buildVersion": "ForgeRock Access Management 7.5.0", + "com.iplanet.am.cookie.c66Encode": true, + "com.iplanet.am.daemons": "securid", + "com.iplanet.am.directory.ssl.enabled": false, + "com.iplanet.am.installdir": "%BASE_DIR%", + "com.iplanet.am.jssproxy.SSLTrustHostList": "", + "com.iplanet.am.jssproxy.checkSubjectAltName": false, + "com.iplanet.am.jssproxy.resolveIPAddress": false, + "com.iplanet.am.jssproxy.trustAllServerCerts": false, + "com.iplanet.am.lbcookie.name": "amlbcookie", + "com.iplanet.am.lbcookie.value": "00", + "com.iplanet.am.logstatus": "ACTIVE", + "com.iplanet.am.pcookie.name": "DProPCookie", + "com.iplanet.am.profile.host": "%SERVER_HOST%", + "com.iplanet.am.profile.port": "%SERVER_PORT%", + "com.iplanet.am.serverMode": true, + "com.iplanet.am.session.agentSessionIdleTime": "1440", + "com.iplanet.am.session.client.polling.enable": false, + "com.iplanet.am.session.client.polling.period": "180", + "com.iplanet.am.session.httpSession.enabled": "true", + "com.iplanet.am.version": "ForgeRock Access Management 7.5.0 Build 89116d59a1ebe73ed1931dd3649adb7f217cd06b (2024-March-28 16:00)", + "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", + "com.sun.am.event.notification.expire.time": "5", + "com.sun.embedded.sync.servers": "on", + "com.sun.identity.am.cookie.check": false, + "com.sun.identity.auth.cookieName": "AMAuthCookie", + "com.sun.identity.authentication.multiple.tabs.used": false, + "com.sun.identity.authentication.setCookieToAllDomains": true, + "com.sun.identity.authentication.special.users": "cn=dsameuser,ou=DSAME Users,%ROOT_SUFFIX%|cn=amService-UrlAccessAgent,ou=DSAME Users,%ROOT_SUFFIX%", + "com.sun.identity.authentication.super.user": "uid=amAdmin,ou=People,%ROOT_SUFFIX%", + "com.sun.identity.authentication.uniqueCookieName": "sunIdentityServerAuthNServer", + "com.sun.identity.cookie.httponly": true, + "com.sun.identity.cookie.samesite": "off", + "com.sun.identity.enableUniqueSSOTokenCookie": false, + "com.sun.identity.jss.donotInstallAtHighestPriority": true, + "com.sun.identity.monitoring": "off", + "com.sun.identity.monitoring.local.conn.server.url": "service:jmx:rmi://", + "com.sun.identity.password.deploymentDescriptor": "%SERVER_URI%", + "com.sun.identity.plugin.configuration.class": "@CONFIGURATION_PROVIDER_CLASS@", + "com.sun.identity.plugin.datastore.class.default": "@DATASTORE_PROVIDER_CLASS@", + "com.sun.identity.plugin.log.class": "@LOG_PROVIDER_CLASS@", + "com.sun.identity.plugin.monitoring.agent.class": "@MONAGENT_PROVIDER_CLASS@", + "com.sun.identity.plugin.monitoring.saml2.class": "@MONSAML2_PROVIDER_CLASS@", + "com.sun.identity.plugin.session.class": "@SESSION_PROVIDER_CLASS@", + "com.sun.identity.policy.Policy.policy_evaluation_weights": "10:10:10", + "com.sun.identity.policy.resultsCacheMaxSize": "10000", + "com.sun.identity.policy.resultsCacheResourceCap": "20", + "com.sun.identity.saml.xmlsig.keyprovider.class": "@XMLSIG_KEY_PROVIDER@", + "com.sun.identity.saml.xmlsig.passwordDecoder": "@PASSWORD_DECODER_CLASS@", + "com.sun.identity.saml.xmlsig.signatureprovider.class": "@XML_SIGNATURE_PROVIDER@", + "com.sun.identity.security.checkcaller": false, + "com.sun.identity.server.fqdnMap[dnsfirst]": "dnsfirst", + "com.sun.identity.server.fqdnMap[hello]": "hello", + "com.sun.identity.server.fqdnMap[localhost]": "localhost", + "com.sun.identity.server.fqdnMap[openam-frodo-dev.classic.com]": "openam-frodo-dev.classic.com", + "com.sun.identity.server.fqdnMap[openam]": "openam", + "com.sun.identity.server.fqdnMap[secondDNS]": "secondDNS", + "com.sun.identity.session.repository.enableAttributeCompression": false, + "com.sun.identity.session.repository.enableCompression": false, + "com.sun.identity.session.repository.enableEncryption": false, + "com.sun.identity.sm.cache.ttl": "30", + "com.sun.identity.sm.cache.ttl.enable": false, + "com.sun.identity.url.readTimeout": "30000", + "com.sun.identity.webcontainer": "WEB_CONTAINER", + "dynamic.datastore.creation.enabled": false, + "openam.auth.destroy_session_after_upgrade": true, + "openam.auth.distAuthCookieName": "AMDistAuthCookie", + "openam.auth.session_property_upgrader": "org.forgerock.openam.authentication.service.DefaultSessionPropertyUpgrader", + "openam.auth.version.header.enabled": false, + "openam.authentication.ignore_goto_during_logout": false, + "openam.cdm.default.charset": "UTF-8", + "openam.forbidden.to.copy.headers": "connection", + "openam.forbidden.to.copy.request.headers": "connection", + "openam.oauth2.client.jwt.encryption.algorithm.allow.list": "RSA-OAEP,RSA-OAEP-256,ECDH-ES", + "openam.oauth2.client.jwt.unreasonable.lifetime.limit.minutes": "30", + "openam.retained.http.headers": "X-DSAMEVersion", + "openam.retained.http.request.headers": "X-DSAMEVersion", + "openam.serviceattributevalidator.classes.whitelist": "org.forgerock.openam.auth.nodes.validators.GreaterThanZeroValidator,org.forgerock.openam.auth.nodes.validators.HMACKeyLengthValidator,org.forgerock.openam.auth.nodes.validators.HmacSigningKeyValidator,org.forgerock.openam.auth.nodes.validators.PercentageValidator,org.forgerock.openam.auth.nodes.validators.QueryFilterValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyNameValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyValidator,org.forgerock.openam.auth.nodes.framework.validators.NodeValueValidator,org.forgerock.openam.audit.validation.PositiveIntegerValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.AlphaNumericValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.CodeLengthValidator,org.forgerock.openam.authentication.modules.persistentcookie.validation.SigningKeyValidator,com.sun.identity.common.configuration.DuplicateKeyMapValueValidator,com.sun.identity.common.configuration.AgentClientIpModeValueValidator,com.sun.identity.common.configuration.FilterModeValueValidator,com.sun.identity.common.configuration.GlobalMapValueValidator,com.sun.identity.common.configuration.ListValueValidator,com.sun.identity.common.configuration.MapValueValidator,com.sun.identity.common.configuration.ServerPropertyValidator,com.sun.identity.policy.ResourceComparatorValidator,com.sun.identity.sm.EmailValidator,com.sun.identity.sm.IPAddressValidator,com.sun.identity.sm.RequiredValueValidator,com.sun.identity.sm.ServerIDValidator,com.sun.identity.sm.SiteIDValidator,org.forgerock.openam.sm.validation.Base64EncodedBinaryValidator,org.forgerock.openam.sm.validation.BlankValueValidator,org.forgerock.openam.sm.validation.DurationValidator,org.forgerock.openam.sm.validation.EndpointValidator,org.forgerock.openam.sm.validation.HostnameValidator,org.forgerock.openam.sm.validation.PortValidator,org.forgerock.openam.sm.validation.SecretIdValidator,org.forgerock.openam.sm.validation.StatelessSessionSigningAlgorithmValidator,org.forgerock.openam.sm.validation.StringMapValidator,org.forgerock.openam.sm.validation.URLValidator,org.forgerock.openam.selfservice.config.KeyAliasValidator,org.forgerock.openam.sm.validation.UniqueIndexedValuesValidator,org.forgerock.openam.webhook.HttpHeaderValidator,org.forgerock.oauth2.core.ClientRedirectUriValidator", + "openam.session.case.sensitive.uuid": false, + "org.forgerock.allow.http.client.debug": false, + "org.forgerock.am.auth.chains.authindexuser.strict": true, + "org.forgerock.am.auth.node.otp.inSharedState": false, + "org.forgerock.am.auth.trees.authenticate.identified.identity": true, + "org.forgerock.openam.audit.additionalSuccessStatusCodesEnabled": true, + "org.forgerock.openam.audit.identity.activity.events.blacklist": "AM-ACCESS-ATTEMPT,AM-IDENTITY-CHANGE,AM-GROUP-CHANGE", + "org.forgerock.openam.auth.transactionauth.returnErrorOnAuthFailure": false, + "org.forgerock.openam.authLevel.excludeRequiredOrRequisite": false, + "org.forgerock.openam.authentication.forceAuth.enabled": false, + "org.forgerock.openam.console.autocomplete.enabled": true, + "org.forgerock.openam.core.resource.lookup.cache.enabled": true, + "org.forgerock.openam.core.sms.placeholder_api_enabled": "OFF", + "org.forgerock.openam.devices.recovery.use_insecure_storage": false, + "org.forgerock.openam.encryption.key.digest": "SHA1", + "org.forgerock.openam.encryption.key.iterations": "10000", + "org.forgerock.openam.encryption.key.size": "128", + "org.forgerock.openam.httpclienthandler.system.clients.connection.timeout": "10 seconds", + "org.forgerock.openam.httpclienthandler.system.clients.max.connections": "64", + "org.forgerock.openam.httpclienthandler.system.clients.pool.ttl": "-1", + "org.forgerock.openam.httpclienthandler.system.clients.response.timeout": "10 seconds", + "org.forgerock.openam.httpclienthandler.system.clients.retry.failed.requests.enabled": true, + "org.forgerock.openam.httpclienthandler.system.clients.reuse.connections.enabled": true, + "org.forgerock.openam.httpclienthandler.system.nonProxyHosts": "localhost,127.*,[::1],0.0.0.0,[::0]", + "org.forgerock.openam.httpclienthandler.system.proxy.enabled": false, + "org.forgerock.openam.httpclienthandler.system.proxy.password": null, + "org.forgerock.openam.httpclienthandler.system.proxy.uri": "", + "org.forgerock.openam.httpclienthandler.system.proxy.username": "", + "org.forgerock.openam.idm.attribute.names.lower.case": false, + "org.forgerock.openam.idrepo.ldapv3.passwordpolicy.allowDiagnosticMessage": false, + "org.forgerock.openam.idrepo.ldapv3.proxyauth.passwordreset.adminRequest": "isAdminPasswordChangeRequest", + "org.forgerock.openam.introspect.token.query.param.allowed": false, + "org.forgerock.openam.ldap.dncache.expire.time": "0", + "org.forgerock.openam.ldap.heartbeat.timeout": "10", + "org.forgerock.openam.ldap.keepalive.search.base": "", + "org.forgerock.openam.ldap.keepalive.search.filter": "(objectClass=*)", + "org.forgerock.openam.ldap.secure.protocol.version": "TLSv1.3,TLSv1.2", + "org.forgerock.openam.notifications.agents.enabled": true, + "org.forgerock.openam.oauth2.checkIssuerForIdTokenInfo": true, + "org.forgerock.openam.radius.server.context.cache.size": "5000", + "org.forgerock.openam.redirecturlvalidator.maxUrlLength": "2000", + "org.forgerock.openam.request.max.bytes.entity.size": "1048576", + "org.forgerock.openam.saml2.authenticatorlookup.skewAllowance": "60", + "org.forgerock.openam.scripting.maxinterpreterstackdepth": "10000", + "org.forgerock.openam.secrets.special.user.passwords.format": "ENCRYPTED_PLAIN", + "org.forgerock.openam.secrets.special.user.secret.refresh.seconds": "900", + "org.forgerock.openam.session.service.persistence.deleteAsynchronously": true, + "org.forgerock.openam.session.stateless.encryption.method": "A128CBC-HS256", + "org.forgerock.openam.session.stateless.rsa.padding": "RSA-OAEP-256", + "org.forgerock.openam.session.stateless.signing.allownone": false, + "org.forgerock.openam.showServletTraceInBrowser": false, + "org.forgerock.openam.slf4j.enableTraceInMessage": false, + "org.forgerock.openam.smtp.system.connect.timeout": "10000", + "org.forgerock.openam.smtp.system.socket.read.timeout": "10000", + "org.forgerock.openam.smtp.system.socket.write.timeout": "10000", + "org.forgerock.openam.sso.providers.list": "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOProvider", + "org.forgerock.openam.timerpool.shutdown.retry.interval": "15000", + "org.forgerock.openam.timerpool.shutdown.retry.limit": "3", + "org.forgerock.openam.timerpool.shutdown.retry.multiplier": "1.5", + "org.forgerock.openam.trees.consumedstatedata.cache.size": "15", + "org.forgerock.openam.trees.ids.cache.size": "50", + "org.forgerock.openam.url.connectTimeout": "1000", + "org.forgerock.openam.xui.user.session.validation.enabled": true, + "org.forgerock.openidconnect.ssoprovider.maxcachesize": "5000", + "org.forgerock.security.entitlement.enforce.realm": true, + "org.forgerock.security.oauth2.enforce.sub.claim.uniqueness": true, + "org.forgerock.services.cts.store.reaper.enabled": true, + "org.forgerock.services.cts.store.ttlsupport.enabled": false, + "org.forgerock.services.cts.store.ttlsupport.exclusionlist": "", + "org.forgerock.services.default.store.max.connections": "", + "org.forgerock.services.default.store.min.connections": "", + "org.forgerock.services.openid.request.object.lifespan": "120000", + "securidHelper.ports": "58943", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/cts.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": "default", + "org.forgerock.services.cts.store.max.connections": "100", + "org.forgerock.services.cts.store.page.size": "0", + "org.forgerock.services.cts.store.root.suffix": "", + "org.forgerock.services.cts.store.vlv.page.size": "1000", + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.directory.name": "", + "org.forgerock.services.cts.store.heartbeat": "10", + "org.forgerock.services.cts.store.loginid": "", + "org.forgerock.services.cts.store.mtls.enabled": "", + "org.forgerock.services.cts.store.password": null, + "org.forgerock.services.cts.store.ssl.enabled": "", + "org.forgerock.services.cts.store.starttls.enabled": "", }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_ACCESS_TOKEN_MODIFICATION.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/general.default.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "OAUTH2_ACCESS_TOKEN_MODIFICATION": { - "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", - "allowLists": { - "1.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - "2.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, + "_id": "null/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": "%BASE_DIR%/var/debug", + "com.iplanet.services.debug.level": "off", + "com.sun.services.debug.mergeall": "on", + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": "en_US", + "com.iplanet.am.util.xml.validating": "off", + "com.iplanet.services.configpath": "%BASE_DIR%", + "com.sun.identity.client.notification.url": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": "localhost", + "com.iplanet.am.smtpport": "25", }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/sdk.default.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER": { - "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", - "allowLists": { - "1.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - "2.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, + "_id": "null/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": "10000", + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": false, + "com.sun.identity.sm.notification.threadpool.size": "1", + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": "3000", + "com.iplanet.am.event.connection.ldap.error.codes.retries": "80,81,91", + "com.iplanet.am.event.connection.num.retries": "3", + "com.sun.am.event.connection.disable.list": "aci,um,sm", + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": "1000", + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": "80,81,91", + "com.iplanet.am.ldap.connection.num.retries": "3", + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": "30", + "com.iplanet.am.sdk.cache.entry.expire.enabled": false, + "com.iplanet.am.sdk.cache.entry.user.expire.time": "15", }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_EVALUATE_SCOPE.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/security.default.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "OAUTH2_EVALUATE_SCOPE": { - "_id": "OAUTH2_EVALUATE_SCOPE", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_EVALUATE_SCOPE", - "allowLists": { - "1.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - "2.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, + "_id": "null/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": false, + "com.iplanet.am.cookie.name": "iPlanetDirectoryPro", + "com.iplanet.am.cookie.secure": false, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": "", + "com.sun.identity.crl.cache.directory.mtlsenabled": false, + "com.sun.identity.crl.cache.directory.password": null, + "com.sun.identity.crl.cache.directory.port": "", + "com.sun.identity.crl.cache.directory.searchattr": "", + "com.sun.identity.crl.cache.directory.searchlocs": "", + "com.sun.identity.crl.cache.directory.ssl": false, + "com.sun.identity.crl.cache.directory.user": "", + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + "amconfig.header.encryption": { + "am.encryption.pwd": "@AM_ENC_PWD@", + "am.encryption.secret.enabled": false, + "am.encryption.secret.keystoreType": "JCEKS", + "com.iplanet.security.SecureRandomFactoryImpl": "com.iplanet.am.util.SecureRandomFactoryImpl", + "com.iplanet.security.encryptor": "com.iplanet.services.util.JCEEncryption", + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": "", + "com.sun.identity.authentication.ocsp.responder.url": "", + "com.sun.identity.authentication.ocspCheck": false, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": "test", + "com.sun.identity.saml.xmlsig.keypass": "%BASE_DIR%/security/secrets/default/.keypass", + "com.sun.identity.saml.xmlsig.keystore": "%BASE_DIR%/security/keystores/keystore.jceks", + "com.sun.identity.saml.xmlsig.storepass": "%BASE_DIR%/security/secrets/default/.storepass", + "com.sun.identity.saml.xmlsig.storetype": "JCEKS", + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": false, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": "16384", }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_MAY_ACT.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/session.default.properties.server.json 1`] = ` { - "meta": Any, - "scripttype": { - "OAUTH2_MAY_ACT": { - "_id": "OAUTH2_MAY_ACT", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_MAY_ACT", - "allowLists": { - "1.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - "2.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "[Empty]", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.StatefulAccessToken", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.OpenIdConnectToken", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], - }, + "_id": "null/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": "60", + "com.iplanet.services.stats.directory": "%BASE_DIR%/var/stats", + "com.iplanet.services.stats.state": "file", + "com.sun.am.session.enableHostLookUp": false, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": "10", + "com.iplanet.am.notification.threadpool.threshold": "5000", + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": "3", + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": "5000", + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": true, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_SCRIPTED_JWT_ISSUER.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/uma.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": "default", + "org.forgerock.services.resourcesets.store.max.connections": "10", + "org.forgerock.services.resourcesets.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": "", + "org.forgerock.services.resourcesets.store.heartbeat": "10", + "org.forgerock.services.resourcesets.store.loginid": "", + "org.forgerock.services.resourcesets.store.mtls.enabled": "", + "org.forgerock.services.resourcesets.store.password": null, + "org.forgerock.services.resourcesets.store.ssl.enabled": "", + "org.forgerock.services.resourcesets.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": "default", + "org.forgerock.services.uma.labels.store.max.connections": "2", + "org.forgerock.services.uma.labels.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": "", + "org.forgerock.services.uma.labels.store.heartbeat": "10", + "org.forgerock.services.uma.labels.store.loginid": "", + "org.forgerock.services.uma.labels.store.mtls.enabled": "", + "org.forgerock.services.uma.labels.store.password": null, + "org.forgerock.services.uma.labels.store.ssl.enabled": "", + "org.forgerock.services.uma.labels.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": "default", + "org.forgerock.services.uma.pendingrequests.store.max.connections": "10", + "org.forgerock.services.uma.pendingrequests.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": "", + "org.forgerock.services.uma.pendingrequests.store.heartbeat": "10", + "org.forgerock.services.uma.pendingrequests.store.loginid": "", + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": "", + "org.forgerock.services.uma.pendingrequests.store.password": null, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": "", + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": "default", + "org.forgerock.services.umaaudit.store.max.connections": "10", + "org.forgerock.services.umaaudit.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": "", + "org.forgerock.services.umaaudit.store.heartbeat": "10", + "org.forgerock.services.umaaudit.store.loginid": "", + "org.forgerock.services.umaaudit.store.mtls.enabled": "", + "org.forgerock.services.umaaudit.store.password": null, + "org.forgerock.services.umaaudit.store.ssl.enabled": "", + "org.forgerock.services.umaaudit.store.starttls.enabled": "", + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/serverInformation/information.serverInformation.json 1`] = ` { "meta": Any, - "scripttype": { - "OAUTH2_SCRIPTED_JWT_ISSUER": { - "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", - "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", - "allowLists": { - "1.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - "2.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, - }, - "defaultScript": "400e48ba-3f13-4144-ac7b-f824ea8e98c5", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", - "org.forgerock.oauth2.core.exceptions.ServerException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], + "serverInformation": { + "*": { + "_id": "*", + "cookieName": "iPlanetDirectoryPro", + "domains": [], + "fileBasedConfiguration": false, + "forgotPassword": "false", + "forgotUsername": "false", + "kbaEnabled": "false", + "lang": "en-US", + "protectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + "realm": "/", + "referralsEnabled": "false", + "secureCookie": false, + "selfRegistration": "false", + "socialImplementations": [], + "successfulUserRegistrationDestination": "default", + "userIdAttributes": [], + "xuiUserSessionValidationEnabled": true, + "zeroPageLogin": { + "allowedWithoutReferer": true, + "enabled": false, + "refererWhitelist": [], }, - "languages": [ - "JAVASCRIPT", - "GROOVY", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/serverVersion/version.serverVersion.json 1`] = ` +{ + "meta": Any, + "serverVersion": { + "version": { + "_id": "version", + "date": "2024-March-28 16:00", + "fullVersion": "ForgeRock Access Management 7.5.0 Build 89116d59a1ebe73ed1931dd3649adb7f217cd06b (2024-March-28 16:00)", + "revision": "89116d59a1ebe73ed1931dd3649adb7f217cd06b", + "version": "7.5.0", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/ConfigurationVersionService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "ConfigurationVersionService": { + "_id": "", + "_type": { + "_id": "ConfigurationVersionService", + "collection": false, + "name": "Configuration Version Service", + }, + "appliedRuleIds": [ + "AME-23273", + "AME-21032", + "AME-21768", ], + "configurationVersion": "8.0.0.0", + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OAUTH2_VALIDATE_SCOPE.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/CorsService.service.json 1`] = ` { "meta": Any, - "scripttype": { - "OAUTH2_VALIDATE_SCOPE": { - "_id": "OAUTH2_VALIDATE_SCOPE", + "service": { + "CorsService": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + "_id": "CorsService", + "collection": false, + "name": "CORS Service", }, - "context": { - "_id": "OAUTH2_VALIDATE_SCOPE", - "allowLists": { - "1.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.exceptions.InvalidScopeException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - "2.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.exceptions.InvalidScopeException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "enabled": true, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/DataStoreService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "DataStoreService": { + "_id": "", + "_type": { + "_id": "DataStoreService", + "collection": false, + "name": "External Data Stores", }, - "defaultScript": "25e6c06d-cf70-473b-bd28-26931edc476b", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.exceptions.InvalidScopeException", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], + "defaults": { + "applicationDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", + "policyDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/OIDC_CLAIMS.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/GoogleCloudServiceAccountService.service.json 1`] = ` { "meta": Any, - "scripttype": { - "OIDC_CLAIMS": { - "_id": "OIDC_CLAIMS", + "service": { + "GoogleCloudServiceAccountService": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + "_id": "GoogleCloudServiceAccountService", + "collection": false, + "name": "Google Cloud Platform Service Accounts", }, - "context": { - "_id": "OIDC_CLAIMS", - "allowLists": { - "1.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - "2.0": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", + "enabled": true, + "location": "global", + "nextDescendents": [ + { + "_id": "default", + "_type": { + "_id": "serviceAccounts", + "collection": true, + "name": "GCP Service Account", + }, + "allowedRealms": [ + "*", ], - "JAVASCRIPT": [ - "1.0", + "allowedSecretNamePatterns": [ + "*", ], + "disallowedSecretNamePatterns": [], }, + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/IdentityAssertionService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "IdentityAssertionService": { + "_id": "", + "_type": { + "_id": "IdentityAssertionService", + "collection": false, + "name": "Identity Assertion Service", }, - "defaultScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.google.common.collect.Sets$1", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.net.URI", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.Collections$UnmodifiableMap", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableSet", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.List", - "java.util.Locale", - "java.util.Map", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.*", - "org.forgerock.json.JsonValue", - "org.forgerock.macaroons.Macaroon", - "org.forgerock.oauth.clients.oidc.Claim", - "org.forgerock.oauth2.core.GrantType", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.oauth2.core.exceptions.InvalidRequestException", - "org.forgerock.openam.oauth2.OpenAMAccessToken", - "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", - "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.opendj.ldap.Dn", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.openidconnect.Claim", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", + "cacheDuration": 120, + "defaults": { + "cacheDuration": 120, + "enable": true, + }, + "enable": true, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/RadiusServerService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "RadiusServerService": { + "_id": "", + "_type": { + "_id": "RadiusServerService", + "collection": false, + "name": "RADIUS Server", + }, + "location": "global", + "nextDescendents": [], + "radiusListenerEnabled": "NO", + "radiusServerPort": 1812, + "radiusThreadPoolCoreSize": 1, + "radiusThreadPoolKeepaliveSeconds": 10, + "radiusThreadPoolMaxSize": 10, + "radiusThreadPoolQueueSize": 20, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/RemoteConsentService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "RemoteConsentService": { + "_id": "", + "_type": { + "_id": "RemoteConsentService", + "collection": false, + "name": "Remote Consent Service", + }, + "defaults": { + "consentResponseTimeLimit": 2, + "jwkStoreCacheMissCacheTime": 1, + "jwkStoreCacheTimeout": 5, + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/SocialIdentityProviders.service.json 1`] = ` +{ + "meta": Any, + "service": { + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "defaults": { + "enabled": true, + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/amSessionPropertyWhitelist.service.json 1`] = ` +{ + "meta": Any, + "service": { + "amSessionPropertyWhitelist": { + "_id": "", + "_type": { + "_id": "amSessionPropertyWhitelist", + "collection": false, + "name": "Session Property Whitelist Service", + }, + "defaults": { + "sessionPropertyWhitelist": [ + "AMCtxId", ], + "whitelistedQueryProperties": [], }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/POLICY_CONDITION.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/androidKeyAttestation.service.json 1`] = ` { "meta": Any, - "scripttype": { - "POLICY_CONDITION": { - "_id": "POLICY_CONDITION", + "service": { + "androidKeyAttestation": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + "_id": "androidKeyAttestation", + "collection": false, + "name": "Android Key Attestation", }, - "context": { - "_id": "POLICY_CONDITION", - "allowLists": { - "1.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.ArrayList", - "java.util.HashSet", - "java.util.HashMap", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "com.sun.identity.shared.debug.Debug", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.Client", - "org.forgerock.http.Handler", - "org.forgerock.http.Context", - "org.forgerock.http.context.RootContext", - "java.util.Collections$EmptyList", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "groovy.json.JsonSlurper", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - "2.0": [ - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "cacheDuration": 24, + "defaults": { + "crlUrl": "https://android.googleapis.com/attestation/status", }, - "defaultScript": "9de3eb62-f131-4fac-a294-7bd170fd4acb", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/audit.service.json 1`] = ` +{ + "meta": Any, + "service": { + "audit": { + "_id": "", + "_type": { + "_id": "audit", + "collection": false, + "name": "Audit Logging", + }, + "auditEnabled": true, + "blacklistFieldFilters": [], + "defaults": { + "auditEnabled": true, + "blacklistFieldFilters": [], + "whitelistFieldFilters": [], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Global JSON Handler", + "_type": { + "_id": "JSON", + "collection": true, + "name": "JSON", + }, + "commonHandler": { + "enabled": true, + "topics": [ + "access", + "activity", + "config", + "authentication", + ], + }, + "commonHandlerPlugin": { + "handlerFactory": "org.forgerock.openam.audit.events.handlers.JsonAuditEventHandlerFactory", + }, + "jsonBuffering": { + "bufferingMaxSize": "100000", + "bufferingWriteInterval": "5", + }, + "jsonConfig": { + "elasticsearchCompatible": false, + "location": "%BASE_DIR%/var/audit/", + "rotationRetentionCheckInterval": "5", + }, + "jsonFileRetention": { + "retentionMaxDiskSpaceToUse": "-1", + "retentionMaxNumberOfHistoryFiles": "1", + "retentionMinFreeSpaceRequired": "-1", + }, + "jsonFileRotation": { + "rotationEnabled": true, + "rotationFileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "rotationInterval": "-1", + "rotationMaxFileSize": "100000000", + "rotationTimes": [], + }, }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.ArrayList", - "java.util.HashSet", - "java.util.HashMap", - "java.util.HashMap$KeyIterator", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "com.sun.identity.shared.debug.Debug", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.Client", - "org.forgerock.http.Handler", - "org.forgerock.http.Context", - "org.forgerock.http.context.RootContext", - "java.util.Collections$EmptyList", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Form", - "org.forgerock.http.protocol.Header", - "org.forgerock.http.protocol.Headers", - "org.forgerock.http.protocol.Message", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.RequestCookies", - "org.forgerock.http.protocol.Response", - "org.forgerock.http.protocol.ResponseException", - "org.forgerock.http.protocol.Responses", - "org.forgerock.http.protocol.Status", - "org.forgerock.util.promise.NeverThrowsException", - "org.forgerock.util.promise.Promise", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", - "org.forgerock.openam.scripting.api.ScriptedSession", - "groovy.json.JsonSlurper", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - ], + ], + "whitelistFieldFilters": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/authenticatorOathService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "authenticatorOathService": { + "_id": "", + "_type": { + "_id": "authenticatorOathService", + "collection": false, + "name": "ForgeRock Authenticator (OATH) Service", + }, + "defaults": { + "authenticatorOATHDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", + "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", + "authenticatorOATHSkippableName": "oath2faEnabled", + "oathAttrName": "oathDeviceProfiles", }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SAML2_IDP_ADAPTER.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/authenticatorPushService.service.json 1`] = ` { "meta": Any, - "scripttype": { - "SAML2_IDP_ADAPTER": { - "_id": "SAML2_IDP_ADAPTER", + "service": { + "authenticatorPushService": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", - }, - "context": { - "_id": "SAML2_IDP_ADAPTER", - "allowLists": { - "1.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "com.sun.identity.saml2.common.SAML2Exception", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "com.sun.identity.saml2.assertion.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "com.sun.identity.saml2.protocol.*", - "com.sun.identity.saml2.protocol.impl.*", - "java.io.PrintWriter", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", - "jdk.proxy*", - ], - "2.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "org.forgerock.util.promise.PromiseImpl", - "javax.servlet.http.Cookie", - "org.xml.sax.InputSource", - "java.security.cert.CertificateFactory", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.io.PrintWriter", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "_id": "authenticatorPushService", + "collection": false, + "name": "ForgeRock Authenticator (Push) Service", }, - "defaultScript": "248b8a56-df81-4b1b-b4ba-45d994f6504c", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "com.sun.identity.saml2.common.SAML2Exception", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "com.sun.identity.saml2.assertion.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "com.sun.identity.saml2.protocol.*", - "com.sun.identity.saml2.protocol.impl.*", - "java.io.PrintWriter", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", - "jdk.proxy*", - ], + "defaults": { + "authenticatorPushDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", + "authenticatorPushSkippableName": "push2faEnabled", + "pushAttrName": "pushDeviceProfiles", }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SAML2_IDP_ATTRIBUTE_MAPPER.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/authenticatorWebAuthnService.service.json 1`] = ` { "meta": Any, - "scripttype": { - "SAML2_IDP_ATTRIBUTE_MAPPER": { - "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "service": { + "authenticatorWebAuthnService": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + "_id": "authenticatorWebAuthnService", + "collection": false, + "name": "WebAuthn Profile Encryption Service", }, - "context": { - "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", - "allowLists": { - "1.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "com.sun.identity.saml2.common.SAML2Exception", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "javax.servlet.http.Cookie", - "javax.xml.parsers.DocumentBuilder", - "javax.xml.parsers.DocumentBuilderFactory", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.w3c.dom.Document", - "org.w3c.dom.Element", - "org.xml.sax.InputSource", - "jdk.proxy*", - ], - "2.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "org.forgerock.util.promise.PromiseImpl", - "javax.servlet.http.Cookie", - "org.xml.sax.InputSource", - "java.security.cert.CertificateFactory", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "defaults": { + "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jceks", + "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", + "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", + "webauthnAttrName": "webauthnDeviceProfiles", }, - "defaultScript": "c4f22465-2368-4e27-8013-e6399974fd48", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "com.sun.identity.saml2.common.SAML2Exception", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "com.sun.identity.saml2.assertion.impl.AttributeImpl", - "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", - "javax.servlet.http.Cookie", - "javax.xml.parsers.DocumentBuilder", - "javax.xml.parsers.DocumentBuilderFactory", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.w3c.dom.Document", - "org.w3c.dom.Element", - "org.xml.sax.InputSource", - "jdk.proxy*", - ], + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/baseurl.service.json 1`] = ` +{ + "meta": Any, + "service": { + "baseurl": { + "_id": "", + "_type": { + "_id": "baseurl", + "collection": false, + "name": "Base URL Source", }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "defaults": { + "contextPath": "/am", + "source": "REQUEST_VALUES", + }, + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SAML2_SP_ADAPTER.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/dashboard.service.json 1`] = ` { "meta": Any, - "scripttype": { - "SAML2_SP_ADAPTER": { - "_id": "SAML2_SP_ADAPTER", + "service": { + "dashboard": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + "_id": "dashboard", + "collection": false, + "name": "Dashboard", }, - "context": { - "_id": "SAML2_SP_ADAPTER", - "allowLists": { - "1.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "com.sun.identity.saml2.common.SAML2Exception", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "com.sun.identity.saml2.assertion.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "com.sun.identity.saml2.protocol.*", - "com.sun.identity.saml2.protocol.impl.*", - "java.io.PrintWriter", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", - "jdk.proxy*", - ], - "2.0": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.sun.identity.common.CaseInsensitiveHashMap", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "org.forgerock.util.promise.PromiseImpl", - "javax.servlet.http.Cookie", - "org.xml.sax.InputSource", - "java.security.cert.CertificateFactory", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.io.PrintWriter", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "sun.security.ec.ECPrivateKeyImpl", - "jdk.proxy*", - ], + "defaults": { + "assignedDashboard": [], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Google", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "Google", + "icfIdentifier": "idm magic 34", + "icon": "images/logos/googleplus.png", + "login": "http://www.google.com", + "name": "Google", }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], + { + "_id": "SalesForce", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "SalesForce", + "icfIdentifier": "idm magic 12", + "icon": "images/logos/salesforce.png", + "login": "http://www.salesforce.com", + "name": "SalesForce", }, - }, - "defaultScript": "69f06e63-128c-4e2f-af52-079a8a6f448b", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", + { + "_id": "ZenDesk", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "ZenDesk", + "icfIdentifier": "idm magic 56", + "icon": "images/logos/zendesk.png", + "login": "http://www.ZenDesk.com", + "name": "ZenDesk", }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList", - "java.util.ArrayList$Itr", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$EmptyMap", - "java.util.Collections$SingletonList", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "java.util.HashMap", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$KeySet", - "java.util.HashMap$Node", - "java.util.HashSet", - "java.util.LinkedHashMap", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "java.net.URI", - "com.iplanet.am.sdk.AMHashMap", - "com.iplanet.sso.providers.dpro.SessionSsoToken", - "com.sun.identity.common.CaseInsensitiveHashMap", - "com.sun.identity.shared.debug.Debug", - "com.sun.identity.saml2.common.SAML2Exception", - "groovy.json.JsonSlurper", - "groovy.json.internal.LazyMap", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.Client", - "org.forgerock.http.client.*", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.json.JsonValue", - "org.mozilla.javascript.JavaScriptException", - "com.sun.identity.saml2.assertion.*", - "com.sun.identity.saml2.assertion.impl.*", - "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", - "com.sun.identity.saml2.protocol.*", - "com.sun.identity.saml2.protocol.impl.*", - "java.io.PrintWriter", - "javax.security.auth.Subject", - "javax.servlet.http.HttpServletRequestWrapper", - "javax.servlet.http.HttpServletResponseWrapper", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", - "jdk.proxy*", - ], - }, - "languages": [ - "JAVASCRIPT", - "GROOVY", ], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/scripttype/SOCIAL_IDP_PROFILE_TRANSFORMATION.scripttype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/deviceBindingService.service.json 1`] = ` { "meta": Any, - "scripttype": { - "SOCIAL_IDP_PROFILE_TRANSFORMATION": { - "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "service": { + "deviceBindingService": { + "_id": "", "_type": { - "_id": "contexts", - "collection": true, - "name": "scriptContext", + "_id": "deviceBindingService", + "collection": false, + "name": "Device Binding Service", }, - "context": { - "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", - "allowLists": { - "1.0": [ - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList$Itr", - "java.util.ArrayList", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$Node", - "java.util.HashMap", - "java.util.HashSet", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Response", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.oauth.clients.oidc.Claim", - "java.util.Locale", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - "2.0": [ - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList$Itr", - "java.util.ArrayList", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$Node", - "java.util.HashMap", - "java.util.HashSet", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Response", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.oauth.clients.oidc.Claim", - "java.util.Locale", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], - }, - "evaluatorVersions": { - "GROOVY": [ - "1.0", - ], - "JAVASCRIPT": [ - "1.0", - ], - }, + "defaults": { + "deviceBindingAttrName": "boundDevices", + "deviceBindingSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceBindingSettingsEncryptionKeystorePassword": null, + "deviceBindingSettingsEncryptionKeystoreType": "JKS", + "deviceBindingSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/deviceIdService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "deviceIdService": { + "_id": "", + "_type": { + "_id": "deviceIdService", + "collection": false, + "name": "Device ID Service", + }, + "defaults": { + "deviceIdAttrName": "devicePrintProfiles", + "deviceIdSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceIdSettingsEncryptionKeystorePassword": null, + "deviceIdSettingsEncryptionKeystoreType": "JKS", + "deviceIdSettingsEncryptionScheme": "NONE", }, - "defaultScript": "1d475815-72cb-42eb-aafd-4026989d28a7", - "engineConfiguration": { - "_id": "engineConfiguration", - "_type": { - "_id": "engineConfiguration", - "collection": false, - "name": "Scripting engine configuration", - }, - "blackList": [ - "java.security.AccessController", - "java.lang.Class", - "java.lang.reflect.*", - ], - "coreThreads": 10, - "idleTimeout": 60, - "maxThreads": 50, - "propertyNamePrefix": "script", - "queueSize": 10, - "serverTimeout": 0, - "useSecurityManager": true, - "whiteList": [ - "com.sun.identity.idm.AMIdentity", - "com.sun.identity.shared.debug.Debug", - "groovy.json.JsonSlurper", - "java.lang.Boolean", - "java.lang.Byte", - "java.lang.Character$Subset", - "java.lang.Character$UnicodeBlock", - "java.lang.Character", - "java.lang.Double", - "java.lang.Float", - "java.lang.Integer", - "java.lang.Long", - "java.lang.Math", - "java.lang.Number", - "java.lang.Object", - "java.lang.Short", - "java.lang.StrictMath", - "java.lang.String", - "java.lang.Void", - "java.util.AbstractMap$SimpleImmutableEntry", - "java.util.ArrayList$Itr", - "java.util.ArrayList", - "java.util.Collections$1", - "java.util.Collections$EmptyList", - "java.util.Collections$SingletonList", - "java.util.HashMap$Entry", - "java.util.HashMap$KeyIterator", - "java.util.HashMap$Node", - "java.util.HashMap", - "java.util.HashSet", - "java.util.LinkedHashMap$Entry", - "java.util.LinkedHashMap$LinkedEntryIterator", - "java.util.LinkedHashMap$LinkedEntrySet", - "java.util.LinkedHashMap", - "java.util.LinkedHashSet", - "java.util.LinkedList", - "java.util.TreeMap", - "java.util.TreeSet", - "org.codehaus.groovy.runtime.GStringImpl", - "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", - "org.forgerock.http.client.*", - "org.forgerock.http.protocol.Entity", - "org.forgerock.http.protocol.Request", - "org.forgerock.http.protocol.Response", - "org.forgerock.json.JsonValue", - "org.forgerock.oauth2.core.UserInfoClaims", - "org.forgerock.openam.scripting.api.http.GroovyHttpClient", - "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", - "org.forgerock.openam.shared.security.crypto.CertificateService", - "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", - "org.forgerock.util.promise.PromiseImpl", - "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", - "java.util.List", - "java.util.Map", - "java.util.Collections$UnmodifiableRandomAccessList", - "java.util.Collections$UnmodifiableCollection$1", - "org.forgerock.oauth.clients.oidc.Claim", - "java.util.Locale", - "org.mozilla.javascript.JavaScriptException", - "sun.security.ec.ECPrivateKeyImpl", - "org.forgerock.opendj.ldap.Rdn", - "org.forgerock.opendj.ldap.Dn", - "jdk.proxy*", - ], + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/deviceProfilesService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "deviceProfilesService": { + "_id": "", + "_type": { + "_id": "deviceProfilesService", + "collection": false, + "name": "Device Profiles Service", }, - "languages": [ - "JAVASCRIPT", - "GROOVY", - ], + "defaults": { + "deviceProfilesAttrName": "deviceProfiles", + "deviceProfilesSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceProfilesSettingsEncryptionKeystorePassword": null, + "deviceProfilesSettingsEncryptionKeystoreType": "JKS", + "deviceProfilesSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secrets/GlobalSecrets.secrets.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/email.service.json 1`] = ` { "meta": Any, - "secrets": { - "GlobalSecrets": { - "_id": "GlobalSecrets", + "service": { + "email": { + "_id": "", "_type": { - "_id": "GlobalSecrets", + "_id": "email", "collection": false, - "name": "Global Secrets Settings", + "name": "Email Service", }, - "storeTypes": [ - "EnvironmentAndSystemPropertySecretStore", - "KeyStoreSecretStore", - "GoogleSecretManagerSecretStoreProvider", - "GoogleKeyManagementServiceSecretStore", - "HsmSecretStore", - "FileSystemSecretStore", + "defaults": { + "emailAddressAttribute": "mail", + "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", + "emailRateLimitSeconds": 1, + "port": 465, + "sslState": "SSL", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/federationcommon.service.json 1`] = ` +{ + "meta": Any, + "service": { + "federation/common": { + "_id": "", + "_type": { + "_id": "federation/common", + "collection": false, + "name": "Common Federation Configuration", + }, + "algorithms": { + "DigestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256", + "QuerySignatureAlgorithmDSA": "http://www.w3.org/2009/xmldsig11#dsa-sha256", + "QuerySignatureAlgorithmEC": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", + "QuerySignatureAlgorithmRSA": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "aesKeyWrapAlgorithm": "http://www.w3.org/2001/04/xmlenc#kw-aes256", + "canonicalizationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", + "maskGenerationFunction": "http://www.w3.org/2009/xmlenc11#mgf1sha256", + "rsaKeyTransportAlgorithm": "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", + "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "transformationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", + }, + "generalConfig": { + "certificateChecking": "on", + "maxContentLength": 20480, + "samlErrorPageHttpBinding": "HTTP-POST", + "samlErrorPageUrl": "/saml2/jsp/saml2error.jsp", + }, + "implementationClasses": { + "configurationClass": "com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl", + "datastoreClass": "com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider", + "keyProviderClass": "com.sun.identity.saml.xmlsig.JKSKeyProvider", + "loggerClass": "com.sun.identity.plugin.log.impl.LogProvider", + "passwordDecoderClass": "com.sun.identity.saml.xmlsig.FMPasswordDecoder", + "rootUrlProviderClass": "org.forgerock.openam.federation.plugin.rooturl.impl.FmRootUrlProvider", + "sessionProviderClass": "com.sun.identity.plugin.session.impl.FMSessionProvider", + "signatureProviderClass": "com.sun.identity.saml.xmlsig.AMSignatureProvider", + }, + "location": "global", + "montoring": { + "monitoringAgentClass": "com.sun.identity.plugin.monitoring.impl.AgentProvider", + "monitoringSaml2Class": "com.sun.identity.plugin.monitoring.impl.FedMonSAML2SvcProvider", + }, + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/federationmulti.service.json 1`] = ` +{ + "meta": Any, + "service": { + "federation/multi": { + "_id": "", + "_type": { + "_id": "federation/multi", + "collection": false, + "name": "Multi-Federation Protocol", + }, + "location": "global", + "nextDescendents": [], + "singleLogoutHandlerList": [ + "key=WSFED|class=com.sun.identity.multiprotocol.WSFederationSingleLogoutHandler", + "key=SAML2|class=com.sun.identity.multiprotocol.SAML2SingleLogoutHandler", ], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secretstore/EnvironmentAndSystemPropertySecretStore.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/federationsaml2soapbinding.service.json 1`] = ` { "meta": Any, - "secretstore": { - "EnvironmentAndSystemPropertySecretStore": { - "_id": "EnvironmentAndSystemPropertySecretStore", + "service": { + "federation/saml2soapbinding": { + "_id": "", "_type": { - "_id": "EnvironmentAndSystemPropertySecretStore", + "_id": "federation/saml2soapbinding", "collection": false, - "name": "Environment and System Property Secrets Store", + "name": "SAML v2.0 SOAP Binding", }, - "format": "BASE64", + "location": "global", + "nextDescendents": [], + "requestHandlers": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secretstore/default-keystore.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/globalization.service.json 1`] = ` { "meta": Any, - "secretstore": { - "default-keystore": { - "_id": "default-keystore", + "service": { + "globalization": { + "_id": "", "_type": { - "_id": "KeyStoreSecretStore", - "collection": true, - "name": "Keystore", + "_id": "globalization", + "collection": false, + "name": "Globalization Settings", }, - "file": "/home/prestonhales/am/security/keystores/keystore.jceks", - "keyEntryPassword": "entrypass", - "leaseExpiryDuration": 5, - "mappings": [ + "charsetMappings": [ + "locale=zh|charset=UTF-8;GB2312", + "locale=ar|charset=UTF-8;ISO-8859-6", + "locale=es|charset=UTF-8;ISO-8859-15", + "locale=de|charset=UTF-8;ISO-8859-15", + "locale=zh_TW|charset=UTF-8;BIG5", + "locale=fr|charset=UTF-8;ISO-8859-15", + "locale=ko|charset=UTF-8;EUC-KR", + "locale=en|charset=UTF-8;ISO-8859-1", + "locale=th|charset=UTF-8;TIS-620", + "locale=ja|charset=UTF-8;Shift_JIS;EUC-JP", + ], + "defaults": { + "commonNameFormats": [ + "zh={sn}{givenname}", + ], + }, + "location": "global", + "nextDescendents": [], + "sun-identity-g11n-settings-charset-alias-mapping": [ + "mimeName=EUC-KR|javaName=EUC_KR", + "mimeName=EUC-JP|javaName=EUC_JP", + "mimeName=Shift_JIS|javaName=SJIS", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/id-repositories.service.json 1`] = ` +{ + "meta": Any, + "service": { + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "defaults": { + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], + }, + "location": "global", + "nextDescendents": [ { - "_id": "am.applications.agents.remote.consent.request.signing.ES256", + "_id": "agent", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "es256test", - ], - "secretId": "am.applications.agents.remote.consent.request.signing.ES256", }, { - "_id": "am.applications.agents.remote.consent.request.signing.ES384", + "_id": "agentgroup", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "es384test", - ], - "secretId": "am.applications.agents.remote.consent.request.signing.ES384", }, { - "_id": "am.applications.agents.remote.consent.request.signing.ES512", + "_id": "agentonly", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "es512test", - ], - "secretId": "am.applications.agents.remote.consent.request.signing.ES512", }, { - "_id": "am.applications.agents.remote.consent.request.signing.RSA", + "_id": "filteredrole", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "rsajwtsigningkey", - ], - "secretId": "am.applications.agents.remote.consent.request.signing.RSA", }, { - "_id": "am.authentication.nodes.persistentcookie.encryption", + "_id": "group", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "test", - ], - "secretId": "am.authentication.nodes.persistentcookie.encryption", }, { - "_id": "am.authn.authid.signing.HMAC", + "_id": "realm", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "hmacsigningtest", - ], - "secretId": "am.authn.authid.signing.HMAC", }, { - "_id": "am.authn.trees.transientstate.encryption", + "_id": "role", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "directenctest", - ], - "secretId": "am.authn.trees.transientstate.encryption", }, { - "_id": "am.default.applications.federation.entity.providers.saml2.idp.encryption", + "_id": "user", "_type": { - "_id": "mappings", + "_id": "SupportedIdentities", "collection": true, - "name": "Mappings", + "name": "SupportedIdentities", }, - "aliases": [ - "test", - ], - "secretId": "am.default.applications.federation.entity.providers.saml2.idp.encryption", }, { - "_id": "am.default.applications.federation.entity.providers.saml2.idp.signing", + "_id": "amAdmin", "_type": { - "_id": "mappings", + "_id": "user", "collection": true, - "name": "Mappings", + "name": "User", }, - "aliases": [ - "rsajwtsigningkey", - ], - "secretId": "am.default.applications.federation.entity.providers.saml2.idp.signing", + "cn": "amAdmin", + "dn": "uid=amAdmin,ou=people,", + "givenName": "amAdmin", + "inetUserStatus": "Active", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "sn": "amAdmin", + "userPassword": null, }, { - "_id": "am.default.applications.federation.entity.providers.saml2.sp.encryption", + "_id": "anonymous", "_type": { - "_id": "mappings", + "_id": "user", "collection": true, - "name": "Mappings", + "name": "User", }, - "aliases": [ - "test", - ], - "secretId": "am.default.applications.federation.entity.providers.saml2.sp.encryption", + "cn": "anonymous", + "dn": "uid=anonymous,ou=people,", + "givenName": "anonymous", + "inetUserStatus": "Inactive", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "sn": "anonymous", + "userPassword": null, }, { - "_id": "am.default.applications.federation.entity.providers.saml2.sp.signing", + "_id": "dsameuser", "_type": { - "_id": "mappings", + "_id": "user", "collection": true, - "name": "Mappings", + "name": "User", }, - "aliases": [ - "rsajwtsigningkey", - ], - "secretId": "am.default.applications.federation.entity.providers.saml2.sp.signing", + "dn": "cn=dsameuser,ou=DSAME Users,", + "inetUserStatus": "Active", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "userPassword": null, }, + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/idm-integration.service.json 1`] = ` +{ + "meta": Any, + "service": { + "idm-integration": { + "_id": "", + "_type": { + "_id": "idm-integration", + "collection": false, + "name": "IDM Provisioning", + }, + "configurationCacheDuration": 0, + "enabled": false, + "idmProvisioningClient": "idm-provisioning", + "jwtSigningCompatibilityMode": false, + "location": "global", + "nextDescendents": [], + "provisioningClientScopes": [ + "fr:idm:*", + ], + "useInternalOAuth2Provider": false, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/iot.service.json 1`] = ` +{ + "meta": Any, + "service": { + "iot": { + "_id": "", + "_type": { + "_id": "iot", + "collection": false, + "name": "IoT Service", + }, + "defaults": { + "attributeAllowlist": [ + "thingConfig", + ], + "createOAuthClient": false, + "createOAuthJwtIssuer": false, + "oauthClientName": "forgerock-iot-oauth2-client", + "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/logging.service.json 1`] = ` +{ + "meta": Any, + "service": { + "logging": { + "_id": "", + "_type": { + "_id": "logging", + "collection": false, + "name": "Logging", + }, + "database": { + "databaseFailureMemoryBufferSize": 2, + "driver": "oracle.jdbc.driver.OracleDriver", + "maxRecords": 500, + "user": "dbuser", + }, + "file": { + "location": "%BASE_DIR%/var/audit/", + "maxFileSize": 100000000, + "numberHistoryFiles": 1, + "rotationEnabled": true, + "rotationInterval": -1, + "suffix": "-MM.dd.yy-kk.mm", + }, + "general": { + "bufferSize": 25, + "bufferTime": 60, + "buffering": "ON", + "certificateStore": "%BASE_DIR%/var/audit/Logger.jks", + "fields": [ + "IPAddr", + "LoggedBy", + "LoginID", + "NameID", + "ModuleName", + "ContextID", + "Domain", + "LogLevel", + "HostName", + "MessageID", + ], + "filesPerKeystore": 5, + "jdkLoggingLevel": "INFO", + "security": "OFF", + "signaturePeriod": 900, + "signingAlgorithm": "SHA1withRSA", + "status": "INACTIVE", + "type": "File", + "verifyPeriod": 3600, + }, + "location": "global", + "nextDescendents": [], + "resolveHostName": false, + "syslog": { + "facility": "local5", + "host": "localhost", + "port": 514, + "protocol": "UDP", + "timeout": 30, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/monitoring.service.json 1`] = ` +{ + "meta": Any, + "service": { + "monitoring": { + "_id": "", + "_type": { + "_id": "monitoring", + "collection": false, + "name": "Monitoring", + }, + "authfilePath": "%BASE_DIR%/security/openam_mon_auth", + "enabled": true, + "httpEnabled": false, + "httpPort": 8082, + "location": "global", + "nextDescendents": [ { - "_id": "am.default.authentication.modules.persistentcookie.encryption", + "_id": "crest", "_type": { - "_id": "mappings", + "_id": "crest", "collection": true, - "name": "Mappings", + "name": "CREST Reporter", }, - "aliases": [ - "test", - ], - "secretId": "am.default.authentication.modules.persistentcookie.encryption", + "enabled": false, }, { - "_id": "am.default.authentication.modules.persistentcookie.signing", + "_id": "prometheus", "_type": { - "_id": "mappings", + "_id": "prometheus", "collection": true, - "name": "Mappings", + "name": "Prometheus Reporter", }, - "aliases": [ - "hmacsigningtest", - ], - "secretId": "am.default.authentication.modules.persistentcookie.signing", + "authenticationType": "BASIC", + "enabled": false, + "password": null, + "username": "prometheus", }, - { - "_id": "am.default.authentication.nodes.persistentcookie.signing", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "hmacsigningtest", + ], + "policyHistoryWindowSize": 10000, + "rmiEnabled": false, + "rmiPort": 9999, + "sessionHistoryWindowSize": 10000, + "snmpEnabled": false, + "snmpPort": 8085, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/naming.service.json 1`] = ` +{ + "meta": Any, + "service": { + "naming": { + "_id": "", + "_type": { + "_id": "naming", + "collection": false, + "name": "Naming", + }, + "endpointConfig": { + "jaxwsUrl": "%protocol://%host:%port%uri/identityservices/", + "stsMexUrl": "%protocol://%host:%port%uri/sts/mex", + "stsUrl": "%protocol://%host:%port%uri/sts", + }, + "federationConfig": { + "jaxrpcUrl": "%protocol://%host:%port%uri/jaxrpc/", + "samlAssertionManagerUrl": "%protocol://%host:%port%uri/AssertionManagerServlet/AssertionManagerIF", + "samlAwareServletUrl": "%protocol://%host:%port%uri/SAMLAwareServlet", + "samlPostServletUrl": "%protocol://%host:%port%uri/SAMLPOSTProfileServlet", + "samlSoapReceiverUrl": "%protocol://%host:%port%uri/SAMLSOAPReceiver", + }, + "generalConfig": { + "authUrl": "%protocol://%host:%port%uri/authservice", + "loggingUrl": "%protocol://%host:%port%uri/loggingservice", + "policyUrl": "%protocol://%host:%port%uri/policyservice", + "profileUrl": "%protocol://%host:%port%uri/profileservice", + "sessionUrl": "%protocol://%host:%port%uri/sessionservice", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/oauth-oidc.service.json 1`] = ` +{ + "meta": Any, + "service": { + "oauth-oidc": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "allowUnauthorisedAccessToUserCodeForm": false, + "blacklistCacheSize": 10000, + "blacklistPollInterval": 60, + "blacklistPurgeDelay": 1, + "defaults": { + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", ], - "secretId": "am.default.authentication.nodes.persistentcookie.signing", - }, - { - "_id": "am.global.services.oauth2.oidc.agent.idtoken.signing", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "rsajwtsigningkey", + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", ], - "secretId": "am.global.services.oauth2.oidc.agent.idtoken.signing", - }, - { - "_id": "am.global.services.saml2.client.storage.jwt.encryption", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "directenctest", + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", ], - "secretId": "am.global.services.saml2.client.storage.jwt.encryption", - }, - { - "_id": "am.global.services.session.clientbased.encryption.AES", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "aestest", + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", ], - "secretId": "am.global.services.session.clientbased.encryption.AES", - }, - { - "_id": "am.global.services.session.clientbased.signing.HMAC", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "hmacsigningtest", + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", ], - "secretId": "am.global.services.session.clientbased.signing.HMAC", - }, - { - "_id": "am.services.iot.jwt.issuer.signing", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "hmacsigningtest", + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "secretId": "am.services.iot.jwt.issuer.signing", }, - { - "_id": "am.services.oauth2.jwt.authenticity.signing", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "hmacsigningtest", + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "secretId": "am.services.oauth2.jwt.authenticity.signing", - }, - { - "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "test", + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP", - }, - { - "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "test", + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", - }, - { - "_id": "am.services.oauth2.oidc.decryption.RSA1.5", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "test", + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "secretId": "am.services.oauth2.oidc.decryption.RSA1.5", - }, - { - "_id": "am.services.oauth2.oidc.rp.idtoken.encryption", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "test", + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "secretId": "am.services.oauth2.oidc.rp.idtoken.encryption", - }, - { - "_id": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "rsajwtsigningkey", + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "secretId": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", - }, - { - "_id": "am.services.oauth2.oidc.signing.ES256", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "es256test", + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "secretId": "am.services.oauth2.oidc.signing.ES256", - }, - { - "_id": "am.services.oauth2.oidc.signing.ES384", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "es384test", + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "secretId": "am.services.oauth2.oidc.signing.ES384", - }, - { - "_id": "am.services.oauth2.oidc.signing.ES512", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "es512test", + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "secretId": "am.services.oauth2.oidc.signing.ES512", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - { - "_id": "am.services.oauth2.oidc.signing.RSA", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "rsajwtsigningkey", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", ], - "secretId": "am.services.oauth2.oidc.signing.RSA", }, - { - "_id": "am.services.oauth2.remote.consent.request.encryption", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "selfserviceenctest", + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", ], - "secretId": "am.services.oauth2.remote.consent.request.encryption", }, - { - "_id": "am.services.oauth2.remote.consent.response.decryption", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "test", + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "secretId": "am.services.oauth2.remote.consent.response.decryption", - }, - { - "_id": "am.services.oauth2.remote.consent.response.signing.RSA", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "rsajwtsigningkey", + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "secretId": "am.services.oauth2.remote.consent.response.signing.RSA", - }, - { - "_id": "am.services.oauth2.stateless.signing.ES256", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "es256test", + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "secretId": "am.services.oauth2.stateless.signing.ES256", - }, - { - "_id": "am.services.oauth2.stateless.signing.ES384", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "es384test", + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "secretId": "am.services.oauth2.stateless.signing.ES384", - }, - { - "_id": "am.services.oauth2.stateless.signing.ES512", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "es512test", + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "secretId": "am.services.oauth2.stateless.signing.ES512", - }, - { - "_id": "am.services.oauth2.stateless.signing.HMAC", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "hmacsigningtest", + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "secretId": "am.services.oauth2.stateless.signing.HMAC", }, - { - "_id": "am.services.oauth2.stateless.signing.RSA", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "rsajwtsigningkey", - ], - "secretId": "am.services.oauth2.stateless.signing.RSA", + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, }, - { - "_id": "am.services.oauth2.stateless.token.encryption", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "directenctest", + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "secretId": "am.services.oauth2.stateless.token.encryption", - }, - { - "_id": "am.services.saml2.metadata.signing.RSA", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "rsajwtsigningkey", + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "secretId": "am.services.saml2.metadata.signing.RSA", - }, - { - "_id": "am.services.uma.pct.encryption", - "_type": { - "_id": "mappings", - "collection": true, - "name": "Mappings", - }, - "aliases": [ - "directenctest", + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "secretId": "am.services.uma.pct.encryption", }, - ], - "providerName": "SunJCE", - "storePassword": "storepass", - "storetype": "JCEKS", + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "jwtTokenLifetimeValidationEnabled": true, + "jwtTokenRequiredClaims": [], + "jwtTokenUnreasonableLifetime": 86400, + "location": "global", + "nextDescendents": [], + "statelessGrantTokenUpgradeCompatibilityMode": false, + "storageScheme": "CTS_ONE_TO_ONE_MODEL", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/secretstore/default-passwords-store.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/pingOneWorkerService.service.json 1`] = ` { "meta": Any, - "secretstore": { - "default-passwords-store": { - "_id": "default-passwords-store", + "service": { + "pingOneWorkerService": { + "_id": "", "_type": { - "_id": "FileSystemSecretStore", - "collection": true, - "name": "File System Secret Volumes", + "_id": "pingOneWorkerService", + "collection": false, + "name": "PingOne Worker Service", }, - "directory": "/home/prestonhales/am/security/secrets/encrypted", - "format": "ENCRYPTED_PLAIN", + "defaults": { + "enabled": true, + }, + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/platform.service.json 1`] = ` { - "defaultProperties": { - "advanced": "file://default/advanced.default.properties.server.json", - "cts": "file://default/cts.default.properties.server.json", - "general": "file://default/general.default.properties.server.json", - "sdk": "file://default/sdk.default.properties.server.json", - "security": "file://default/security.default.properties.server.json", - "session": "file://default/session.default.properties.server.json", - "uma": "file://default/uma.default.properties.server.json", - }, "meta": Any, - "server": { - "01": { - "_id": "01", - "properties": { - "advanced": "file://01/advanced.properties.server.json", - "cts": "file://01/cts.properties.server.json", - "directoryConfiguration": "file://01/directoryConfiguration.properties.server.json", - "general": "file://01/general.properties.server.json", - "sdk": "file://01/sdk.properties.server.json", - "security": "file://01/security.properties.server.json", - "session": "file://01/session.properties.server.json", - "uma": "file://01/uma.properties.server.json", + "service": { + "platform": { + "_id": "", + "_type": { + "_id": "platform", + "collection": false, + "name": "Platform", }, - "siteName": null, - "url": "http://localhost:8080/am", + "cookieDomains": [], + "locale": "en_US", + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/advanced.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/policyconfiguration.service.json 1`] = ` { - "_id": "01/properties/advanced", - "bootstrap.file": "/home/prestonhales/.openamcfg/AMConfig_usr_local_tomcat_webapps_am_", - "com.iplanet.am.lbcookie.value": "01", - "com.iplanet.am.serverMode": true, - "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", - "com.sun.embedded.replicationport": "", - "com.sun.embedded.sync.servers": "on", - "com.sun.identity.common.systemtimerpool.size": "3", - "com.sun.identity.sm.sms_object_class_name": "com.sun.identity.sm.SmsWrapperObject", - "com.sun.identity.urlconnection.useCache": false, - "opensso.protocol.handler.pkgs": "", - "org.forgerock.embedded.dsadminport": "4444", + "meta": Any, + "service": { + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "continueEvaluationOnDeny": false, + "defaults": { + "bindDn": "cn=Directory Manager", + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "maximumSearchResults": 100, + "mtlsEnabled": false, + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + "location": "global", + "nextDescendents": [], + "realmAliasReferrals": false, + "resourceComparators": [ + "serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|oneLevelWildcard=-*-|delimiter=/|caseSensitive=false", + ], + }, + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/cts.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/pushNotification.service.json 1`] = ` { - "_id": "01/properties/cts", - "amconfig.org.forgerock.services.cts.store.common.section": { - "org.forgerock.services.cts.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.cts.store.max.connections": { - "inherited": true, - "value": "100", - }, - "org.forgerock.services.cts.store.page.size": { - "inherited": true, - "value": "0", - }, - "org.forgerock.services.cts.store.root.suffix": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.vlv.page.size": { - "inherited": true, - "value": "1000", - }, - }, - "amconfig.org.forgerock.services.cts.store.external.section": { - "org.forgerock.services.cts.store.affinity.enabled": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.cts.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.cts.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.cts.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, + "service": { + "pushNotification": { + "_id": "", + "_type": { + "_id": "pushNotification", + "collection": false, + "name": "Push Notification Service", + }, + "defaults": { + "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", + "mdCacheSize": 10000, + "mdConcurrency": 16, + "mdDuration": 120, + "region": "us-east-1", + }, + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/directoryConfiguration.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/rest.service.json 1`] = ` { - "_id": "01/properties/directoryConfiguration", - "directoryConfiguration": { - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "maxConnectionPool": 10, - "minConnectionPool": 1, - "mtlsAlias": "", - "mtlsEnabled": false, - "mtlsKeyPasswordFile": "", - "mtlsKeyStoreFile": "", - "mtlsKeyStorePasswordFile": "", - "mtlsKeyStoreType": null, - }, - "directoryServers": [ - { - "connectionType": "SSL", - "hostName": "localhost", - "portNumber": "50636", - "serverName": "Server1", + "meta": Any, + "service": { + "rest": { + "_id": "", + "_type": { + "_id": "rest", + "collection": false, + "name": "REST APIs", + }, + "csrfFilterEnabled": true, + "defaultProtocolVersion": "Latest", + "defaultVersion": "Latest", + "descriptionsState": "STATIC", + "location": "global", + "nextDescendents": [], + "warningHeader": true, }, - ], + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/general.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/saml2.service.json 1`] = ` { - "_id": "01/properties/general", - "amconfig.header.debug": { - "com.iplanet.services.debug.directory": { - "inherited": true, - "value": "%BASE_DIR%/var/debug", - }, - "com.iplanet.services.debug.level": { - "inherited": true, - "value": "off", - }, - "com.sun.services.debug.mergeall": { - "inherited": true, - "value": "on", - }, - }, - "amconfig.header.installdir": { - "com.iplanet.am.locale": { - "inherited": false, - "value": "en_US", - }, - "com.iplanet.am.util.xml.validating": { - "inherited": true, - "value": "off", - }, - "com.iplanet.services.configpath": { - "inherited": false, - "value": "/home/prestonhales/am", - }, - "com.sun.identity.client.notification.url": { - "inherited": true, - "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", - }, - }, - "amconfig.header.mailserver": { - "com.iplanet.am.smtphost": { - "inherited": true, - "value": "localhost", - }, - "com.iplanet.am.smtpport": { - "inherited": true, - "value": "25", + "meta": Any, + "service": { + "saml2": { + "_id": "", + "_type": { + "_id": "saml2", + "collection": false, + "name": "SAML v2.0 Service Configuration", + }, + "bufferLength": 2048, + "caCertValidation": false, + "cacheCleanupInterval": 600, + "encryptedKeyInKeyInfo": true, + "idpDiscoveryCookieType": "PERSISTENT", + "idpDiscoveryUrlSchema": "HTTPS", + "location": "global", + "nameIDInfoAttribute": "sun-fm-saml2-nameid-info", + "nameIDInfoKeyAttribute": "sun-fm-saml2-nameid-infokey", + "nextDescendents": [], + "signingCertValidation": false, + "xmlEncryptionClass": "com.sun.identity.saml2.xmlenc.FMEncProvider", + "xmlSigningClass": "com.sun.identity.saml2.xmlsig.FMSigProvider", }, }, - "amconfig.header.site": { - "singleChoiceSite": "[Empty]", - }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/sdk.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/security.service.json 1`] = ` { - "_id": "01/properties/sdk", - "amconfig.header.cachingreplica": { - "com.iplanet.am.sdk.cache.maxSize": { - "inherited": true, - "value": "10000", - }, - }, - "amconfig.header.datastore": { - "com.sun.identity.sm.enableDataStoreNotification": { - "inherited": false, - "value": true, - }, - "com.sun.identity.sm.notification.threadpool.size": { - "inherited": true, - "value": "1", - }, - }, - "amconfig.header.eventservice": { - "com.iplanet.am.event.connection.delay.between.retries": { - "inherited": true, - "value": "3000", - }, - "com.iplanet.am.event.connection.ldap.error.codes.retries": { - "inherited": true, - "value": "80,81,91", - }, - "com.iplanet.am.event.connection.num.retries": { - "inherited": true, - "value": "3", - }, - "com.sun.am.event.connection.disable.list": { - "inherited": false, - "value": "aci,um", - }, - }, - "amconfig.header.ldapconnection": { - "com.iplanet.am.ldap.connection.delay.between.retries": { - "inherited": true, - "value": "1000", - }, - "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { - "inherited": false, - "value": "80,81,91", - }, - "com.iplanet.am.ldap.connection.num.retries": { - "inherited": true, - "value": "3", - }, - }, - "amconfig.header.sdktimetoliveconfig": { - "com.iplanet.am.sdk.cache.entry.default.expire.time": { - "inherited": true, - "value": "30", - }, - "com.iplanet.am.sdk.cache.entry.expire.enabled": { - "inherited": true, - "value": false, - }, - "com.iplanet.am.sdk.cache.entry.user.expire.time": { - "inherited": true, - "value": "15", + "meta": Any, + "service": { + "security": { + "_id": "", + "_type": { + "_id": "security", + "collection": false, + "name": "Legacy User Self Service", + }, + "defaults": { + "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", + "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "forgotPasswordEnabled": false, + "forgotPasswordTokenLifetime": 900, + "protectedUserAttributes": [], + "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "selfRegistrationEnabled": false, + "selfRegistrationTokenLifetime": 900, + "selfServiceEnabled": false, + "userRegisteredDestination": "default", + }, + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/security.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/selfService.service.json 1`] = ` { - "_id": "01/properties/security", - "amconfig.header.cookie": { - "com.iplanet.am.cookie.encode": { - "inherited": true, - "value": false, - }, - "com.iplanet.am.cookie.name": { - "inherited": true, - "value": "iPlanetDirectoryPro", - }, - "com.iplanet.am.cookie.secure": { - "inherited": true, - "value": false, - }, - }, - "amconfig.header.crlcache": { - "com.sun.identity.crl.cache.directory.host": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.mtlsenabled": { - "inherited": true, - "value": false, - }, - "com.sun.identity.crl.cache.directory.password": { - "inherited": true, - "value": null, - }, - "com.sun.identity.crl.cache.directory.port": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.searchattr": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.searchlocs": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.ssl": { - "inherited": true, - "value": false, - }, - "com.sun.identity.crl.cache.directory.user": { - "inherited": true, - "value": "", - }, - }, - "amconfig.header.deserialisationwhitelist": { - "openam.deserialisation.classes.whitelist": { - "inherited": true, - "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + "meta": Any, + "service": { + "selfService": { + "_id": "", + "_type": { + "_id": "selfService", + "collection": false, + "name": "User Self-Service", + }, + "defaults": { + "advancedConfig": { + "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", + "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", + "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", + "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", + "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", + }, + "forgottenPassword": { + "forgottenPasswordCaptchaEnabled": false, + "forgottenPasswordEmailBody": [ + "en|

Click on this link to reset your password.

", + ], + "forgottenPasswordEmailSubject": [ + "en|Forgotten password email", + ], + "forgottenPasswordEmailVerificationEnabled": true, + "forgottenPasswordEnabled": false, + "forgottenPasswordKbaEnabled": false, + "forgottenPasswordTokenPaddingLength": 450, + "forgottenPasswordTokenTTL": 300, + "numberOfAllowedAttempts": 1, + "numberOfAttemptsEnforced": false, + }, + "forgottenUsername": { + "forgottenUsernameCaptchaEnabled": false, + "forgottenUsernameEmailBody": [ + "en|

Your username is %username%.

", + ], + "forgottenUsernameEmailSubject": [ + "en|Forgotten username email", + ], + "forgottenUsernameEmailUsernameEnabled": true, + "forgottenUsernameEnabled": false, + "forgottenUsernameKbaEnabled": false, + "forgottenUsernameShowUsernameEnabled": false, + "forgottenUsernameTokenTTL": 300, + }, + "generalConfig": { + "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", + "kbaQuestions": [ + "4|en|What is your mother's maiden name?", + "3|en|What was the name of your childhood pet?", + "2|en|What was the model of your first car?", + "1|en|What is the name of your favourite restaurant?", + ], + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "validQueryAttributes": [ + "uid", + "mail", + "givenName", + "sn", + ], + }, + "profileManagement": { + "profileAttributeWhitelist": [ + "uid", + "telephoneNumber", + "mail", + "kbaInfo", + "givenName", + "sn", + "cn", + ], + "profileProtectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + }, + "userRegistration": { + "userRegisteredDestination": "default", + "userRegistrationCaptchaEnabled": false, + "userRegistrationEmailBody": [ + "en|

Click on this link to register.

", + ], + "userRegistrationEmailSubject": [ + "en|Registration email", + ], + "userRegistrationEmailVerificationEnabled": true, + "userRegistrationEmailVerificationFirstEnabled": false, + "userRegistrationEnabled": false, + "userRegistrationKbaEnabled": false, + "userRegistrationTokenTTL": 300, + "userRegistrationValidUserAttributes": [ + "userPassword", + "mail", + "givenName", + "kbaInfo", + "inetUserStatus", + "sn", + "username", + ], + }, + }, + "location": "global", + "nextDescendents": [], }, }, - "amconfig.header.encryption": { - "am.encryption.pwd": { - "inherited": false, - "value": "efSYcwIhr7uKH30rgciGTVTFzb63LhYu", - }, - "am.encryption.secret.alias": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.enabled": { - "inherited": true, - "value": false, - }, - "am.encryption.secret.keyPass": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystoreFile": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystorePass": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystoreType": { - "inherited": true, - "value": "JCEKS", - }, - "com.iplanet.security.SecureRandomFactoryImpl": { - "inherited": true, - "value": "com.iplanet.am.util.SecureRandomFactoryImpl", - }, - "com.iplanet.security.encryptor": { - "inherited": true, - "value": "com.iplanet.services.util.JCEEncryption", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/selfServiceTrees.service.json 1`] = ` +{ + "meta": Any, + "service": { + "selfServiceTrees": { + "_id": "", + "_type": { + "_id": "selfServiceTrees", + "collection": false, + "name": "Self Service Trees", + }, + "defaults": { + "enabled": true, + "treeMapping": {}, + }, + "location": "global", + "nextDescendents": [], }, }, - "amconfig.header.ocsp.check": { - "com.sun.identity.authentication.ocsp.responder.nickname": { - "inherited": true, - "value": "", - }, - "com.sun.identity.authentication.ocsp.responder.url": { - "inherited": true, - "value": "", - }, - "com.sun.identity.authentication.ocspCheck": { - "inherited": true, - "value": false, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/session.service.json 1`] = ` +{ + "meta": Any, + "service": { + "session": { + "_id": "", + "_type": { + "_id": "session", + "collection": false, + "name": "Session", + }, + "dynamic": { + "maxCachingTime": 3, + "maxIdleTime": 30, + "maxSessionTime": 120, + "quotaLimit": 5, + }, + "general": { + "crossUpgradeReferenceFlag": false, + "dnRestrictionOnly": false, + "latestAccessTimeUpdateFrequency": 60, + "timeoutHandlers": [], + }, + "location": "global", + "nextDescendents": [], + "notifications": { + "notificationPropertyList": [], + "propertyChangeNotifications": "OFF", + }, + "quotas": { + "behaviourWhenQuotaExhausted": "org.forgerock.openam.session.service.DestroyNextExpiringAction", + "denyLoginWhenRepoDown": "NO", + "iplanet-am-session-enable-session-constraint": "OFF", + "quotaConstraintMaxWaitTime": 6000, + }, + "search": { + "maxSessionListSize": 120, + "sessionListRetrievalTimeout": 5, + }, + "stateless": { + "openam-session-stateless-blacklist-cache-size": 10000, + "openam-session-stateless-blacklist-poll-interval": 60, + "openam-session-stateless-blacklist-purge-delay": 1, + "openam-session-stateless-enable-session-blacklisting": false, + "openam-session-stateless-logout-poll-interval": 60, + "statelessCompressionType": "NONE", + "statelessEncryptionAesKey": null, + "statelessEncryptionType": "DIRECT", + "statelessLogoutByUser": false, + "statelessSigningHmacSecret": null, + "statelessSigningType": "HS256", + }, }, }, - "amconfig.header.securitykey": { - "com.sun.identity.saml.xmlsig.certalias": { - "inherited": true, - "value": "test", - }, - "com.sun.identity.saml.xmlsig.keypass": { - "inherited": true, - "value": "%BASE_DIR%/security/secrets/default/.keypass", - }, - "com.sun.identity.saml.xmlsig.keystore": { - "inherited": true, - "value": "%BASE_DIR%/security/keystores/keystore.jceks", - }, - "com.sun.identity.saml.xmlsig.storepass": { - "inherited": true, - "value": "%BASE_DIR%/security/secrets/default/.storepass", - }, - "com.sun.identity.saml.xmlsig.storetype": { - "inherited": true, - "value": "JCEKS", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/socialauthentication.service.json 1`] = ` +{ + "meta": Any, + "service": { + "socialauthentication": { + "_id": "", + "_type": { + "_id": "socialauthentication", + "collection": false, + "name": "Social Authentication Implementations", + }, + "defaults": { + "authenticationChains": {}, + "displayNames": {}, + "enabledKeys": [], + "icons": {}, + }, + "location": "global", + "nextDescendents": [], }, }, - "amconfig.header.validation": { - "com.iplanet.am.clientIPCheckEnabled": { - "inherited": true, - "value": false, - }, - "com.iplanet.services.comm.server.pllrequest.maxContentLength": { - "inherited": true, - "value": "16384", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/transaction.service.json 1`] = ` +{ + "meta": Any, + "service": { + "transaction": { + "_id": "", + "_type": { + "_id": "transaction", + "collection": false, + "name": "Transaction Authentication Service", + }, + "defaults": { + "timeToLive": "180", + }, + "location": "global", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/session.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/uma.service.json 1`] = ` { - "_id": "01/properties/session", - "amconfig.header.sessionlogging": { - "com.iplanet.am.stats.interval": { - "inherited": true, - "value": "60", - }, - "com.iplanet.services.stats.directory": { - "inherited": true, - "value": "%BASE_DIR%/var/stats", - }, - "com.iplanet.services.stats.state": { - "inherited": true, - "value": "file", - }, - "com.sun.am.session.enableHostLookUp": { - "inherited": true, - "value": false, - }, - }, - "amconfig.header.sessionnotification": { - "com.iplanet.am.notification.threadpool.size": { - "inherited": true, - "value": "10", - }, - "com.iplanet.am.notification.threadpool.threshold": { - "inherited": true, - "value": "5000", - }, - }, - "amconfig.header.sessionthresholds": { - "com.iplanet.am.session.invalidsessionmaxtime": { - "inherited": true, - "value": "3", - }, - "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { - "inherited": true, - "value": "5000", - }, - }, - "amconfig.header.sessionvalidation": { - "com.sun.am.session.caseInsensitiveDN": { - "inherited": true, - "value": true, + "meta": Any, + "service": { + "uma": { + "_id": "", + "_type": { + "_id": "uma", + "collection": false, + "name": "UMA Provider", + }, + "defaults": { + "claimsGathering": { + "claimsGatheringService": "[Empty]", + "interactiveClaimsGatheringEnabled": false, + "pctLifetime": 604800, + }, + "generalSettings": { + "deletePoliciesOnDeleteRS": true, + "deleteResourceSetsOnDeleteRS": true, + "emailRequestingPartyOnPendingRequestApproval": true, + "emailResourceOwnerOnPendingRequestCreation": true, + "grantResourceOwnerImplicitConsent": true, + "grantRptConditions": [ + "REQUEST_PARTIAL", + "REQUEST_NONE", + "TICKET_PARTIAL", + ], + "pendingRequestsEnabled": true, + "permissionTicketLifetime": 120, + "resharingMode": "IMPLICIT", + "userProfileLocaleAttribute": "inetOrgPerson", + }, + }, + "location": "global", + "nextDescendents": [], + "umaPolicyUpgradeCompatibilityMode": false, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/01/uma.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/user.service.json 1`] = ` { - "_id": "01/properties/uma", - "amconfig.org.forgerock.services.resourcesets.store.common.section": { - "org.forgerock.services.resourcesets.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.resourcesets.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.resourcesets.store.root.suffix": { - "inherited": true, - "value": "", + "meta": Any, + "service": { + "user": { + "_id": "", + "_type": { + "_id": "user", + "collection": false, + "name": "User", + }, + "dynamic": { + "defaultUserStatus": "Active", + }, + "location": "global", + "nextDescendents": [], }, }, - "amconfig.org.forgerock.services.resourcesets.store.external.section": { - "org.forgerock.services.resourcesets.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.resourcesets.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.resourcesets.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.starttls.enabled": { - "inherited": true, - "value": "", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/validation.service.json 1`] = ` +{ + "meta": Any, + "service": { + "validation": { + "_id": "", + "_type": { + "_id": "validation", + "collection": false, + "name": "Validation Service", + }, + "defaults": { + "validGotoDestinations": [], + }, + "location": "global", + "nextDescendents": [], + "validGotoDestinations": [], }, }, - "amconfig.org.forgerock.services.uma.labels.store.common.section": { - "org.forgerock.services.uma.labels.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.uma.labels.store.max.connections": { - "inherited": true, - "value": "2", - }, - "org.forgerock.services.uma.labels.store.root.suffix": { - "inherited": true, - "value": "", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/site/testsite.site.json 1`] = ` +{ + "meta": Any, + "site": { + "testsite": { + "_id": "testsite", + "secondaryURLs": [], + "servers": [ + { + "id": "03", + "url": "http://localhost:8081/am", + }, + ], + "url": "http://testurl.com:8080", }, }, - "amconfig.org.forgerock.services.uma.labels.store.external.section": { - "org.forgerock.services.uma.labels.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.labels.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.uma.labels.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.starttls.enabled": { - "inherited": true, - "value": "", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/webhookService/webhooks.webhookService.json 1`] = ` +{ + "meta": Any, + "webhookService": { + "webhooks": { + "_id": "", + "_type": { + "_id": "webhooks", + "collection": false, + "name": "Webhook Service", + }, }, }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { - "org.forgerock.services.uma.pendingrequests.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.uma.pendingrequests.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.pendingrequests.store.root.suffix": { - "inherited": true, - "value": "", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/Test-IG.agent.json 1`] = ` +{ + "agent": { + "Test IG": { + "_id": "Test IG", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "secretLabelIdentifier": null, + "status": "Active", + "userpassword": null, }, }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { - "org.forgerock.services.uma.pendingrequests.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.pendingrequests.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/Test-SOAP-STS.agent.json 1`] = ` +{ + "agent": { + "Test SOAP STS": { + "_id": "Test SOAP STS", + "_type": { + "_id": "SoapSTSAgent", + "collection": true, + "name": "SOAP STS Agents", + }, + "agentgroup": null, + "publishServicePollInterval": 300, }, }, - "amconfig.org.forgerock.services.umaaudit.store.common.section": { - "org.forgerock.services.umaaudit.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.umaaudit.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.umaaudit.store.root.suffix": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/Test-Web.agent.json 1`] = ` +{ + "agent": { + "Test Web": { + "_id": "Test Web", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testurl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Active", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, }, }, - "amconfig.org.forgerock.services.umaaudit.store.external.section": { - "org.forgerock.services.umaaudit.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.umaaudit.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.umaaudit.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/my-policy-agent.agent.json 1`] = ` +{ + "agent": { + "my-policy-agent": { + "_id": "my-policy-agent", + "_type": { + "_id": "2.2_Agent", + "collection": true, + "name": "Policy Agents", + }, + "cdssoRootUrl": [], + "description": null, + "status": "Active", + "userpassword": null, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/test.agent.json 1`] = ` { - "defaultProperties": { - "advanced": "file://default/advanced.default.properties.server.json", - "cts": "file://default/cts.default.properties.server.json", - "general": "file://default/general.default.properties.server.json", - "sdk": "file://default/sdk.default.properties.server.json", - "security": "file://default/security.default.properties.server.json", - "session": "file://default/session.default.properties.server.json", - "uma": "file://default/uma.default.properties.server.json", + "agent": { + "test": { + "_id": "test", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service", + }, + "agentgroup": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, + }, }, "meta": Any, - "server": { - "03": { - "_id": "03", - "properties": { - "advanced": "file://03/advanced.properties.server.json", - "cts": "file://03/cts.properties.server.json", - "directoryConfiguration": "file://03/directoryConfiguration.properties.server.json", - "general": "file://03/general.properties.server.json", - "sdk": "file://03/sdk.properties.server.json", - "security": "file://03/security.properties.server.json", - "session": "file://03/session.properties.server.json", - "uma": "file://03/uma.properties.server.json", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/test-java.agent.json 1`] = ` +{ + "agent": { + "test java": { + "_id": "test java", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": "Test Java Group", + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/test/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/test/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, }, - "siteName": "testsite", - "url": "http://localhost:8081/am", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/advanced.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/test-software-publisher.agent.json 1`] = ` { - "_id": "03/properties/advanced", - "com.iplanet.am.lbcookie.value": "03", + "agent": { + "test software publisher": { + "_id": "test software publisher", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "agentgroup": null, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", + }, + }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/cts.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Oauth2-group.agentGroup.json 1`] = ` { - "_id": "03/properties/cts", - "amconfig.org.forgerock.services.cts.store.common.section": { - "org.forgerock.services.cts.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.cts.store.max.connections": { - "inherited": true, - "value": "100", - }, - "org.forgerock.services.cts.store.page.size": { - "inherited": true, - "value": "0", - }, - "org.forgerock.services.cts.store.root.suffix": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.vlv.page.size": { - "inherited": true, - "value": "1000", + "agentGroup": { + "Oauth2 group": { + "_id": "Oauth2 group", + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, }, }, - "amconfig.org.forgerock.services.cts.store.external.section": { - "org.forgerock.services.cts.store.affinity.enabled": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.cts.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.cts.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.cts.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Remote-consent-group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Remote consent group": { + "_id": "Remote consent group", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service", + }, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/directoryConfiguration.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Software-publisher-group.agentGroup.json 1`] = ` { - "_id": "03/properties/directoryConfiguration", - "directoryConfiguration": { - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "maxConnectionPool": 10, - "minConnectionPool": 1, - "mtlsAlias": "", - "mtlsEnabled": false, - "mtlsKeyPasswordFile": "", - "mtlsKeyStoreFile": "", - "mtlsKeyStorePasswordFile": "", - "mtlsKeyStoreType": null, - }, - "directoryServers": [ - { - "connectionType": "SSL", - "hostName": "localhost", - "portNumber": "50636", - "serverName": "Server1", + "agentGroup": { + "Software publisher group": { + "_id": "Software publisher group", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", }, - ], + }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/general.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-IG-Group.agentGroup.json 1`] = ` { - "_id": "03/properties/general", - "amconfig.header.debug": { - "com.iplanet.services.debug.directory": { - "inherited": true, - "value": "%BASE_DIR%/var/debug", - }, - "com.iplanet.services.debug.level": { - "inherited": true, - "value": "off", - }, - "com.sun.services.debug.mergeall": { - "inherited": true, - "value": "on", - }, - }, - "amconfig.header.installdir": { - "com.iplanet.am.locale": { - "inherited": true, - "value": "en_US", - }, - "com.iplanet.am.util.xml.validating": { - "inherited": true, - "value": "off", - }, - "com.iplanet.services.configpath": { - "inherited": true, - "value": "%BASE_DIR%", - }, - "com.sun.identity.client.notification.url": { - "inherited": true, - "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", - }, - }, - "amconfig.header.mailserver": { - "com.iplanet.am.smtphost": { - "inherited": true, - "value": "localhost", - }, - "com.iplanet.am.smtpport": { - "inherited": true, - "value": "25", + "agentGroup": { + "Test IG Group": { + "_id": "Test IG Group", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "status": "Active", }, }, - "amconfig.header.site": { - "singleChoiceSite": "testsite", - }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/sdk.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-Java-Group.agentGroup.json 1`] = ` { - "_id": "03/properties/sdk", - "amconfig.header.cachingreplica": { - "com.iplanet.am.sdk.cache.maxSize": { - "inherited": true, - "value": "10000", - }, - }, - "amconfig.header.datastore": { - "com.sun.identity.sm.enableDataStoreNotification": { - "inherited": true, - "value": false, - }, - "com.sun.identity.sm.notification.threadpool.size": { - "inherited": true, - "value": "1", - }, - }, - "amconfig.header.eventservice": { - "com.iplanet.am.event.connection.delay.between.retries": { - "inherited": true, - "value": "3000", - }, - "com.iplanet.am.event.connection.ldap.error.codes.retries": { - "inherited": true, - "value": "80,81,91", - }, - "com.iplanet.am.event.connection.num.retries": { - "inherited": true, - "value": "3", - }, - "com.sun.am.event.connection.disable.list": { - "inherited": true, - "value": "aci,um,sm", - }, - }, - "amconfig.header.ldapconnection": { - "com.iplanet.am.ldap.connection.delay.between.retries": { - "inherited": true, - "value": "1000", - }, - "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { - "inherited": true, - "value": "80,81,91", - }, - "com.iplanet.am.ldap.connection.num.retries": { - "inherited": true, - "value": "3", - }, - }, - "amconfig.header.sdktimetoliveconfig": { - "com.iplanet.am.sdk.cache.entry.default.expire.time": { - "inherited": true, - "value": "30", - }, - "com.iplanet.am.sdk.cache.entry.expire.enabled": { - "inherited": true, - "value": false, - }, - "com.iplanet.am.sdk.cache.entry.user.expire.time": { - "inherited": true, - "value": "15", + "agentGroup": { + "Test Java Group": { + "_id": "Test Java Group", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": null, + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": {}, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": null, + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/security.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-SOAP-STS-group.agentGroup.json 1`] = ` { - "_id": "03/properties/security", - "amconfig.header.cookie": { - "com.iplanet.am.cookie.encode": { - "inherited": true, - "value": false, - }, - "com.iplanet.am.cookie.name": { - "inherited": true, - "value": "iPlanetDirectoryPro", - }, - "com.iplanet.am.cookie.secure": { - "inherited": true, - "value": false, - }, - }, - "amconfig.header.crlcache": { - "com.sun.identity.crl.cache.directory.host": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.mtlsenabled": { - "inherited": true, - "value": false, - }, - "com.sun.identity.crl.cache.directory.password": { - "inherited": true, - "value": null, - }, - "com.sun.identity.crl.cache.directory.port": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.searchattr": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.searchlocs": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.ssl": { - "inherited": true, - "value": false, - }, - "com.sun.identity.crl.cache.directory.user": { - "inherited": true, - "value": "", - }, - }, - "amconfig.header.deserialisationwhitelist": { - "openam.deserialisation.classes.whitelist": { - "inherited": true, - "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", - }, - }, - "amconfig.header.encryption": { - "am.encryption.pwd": { - "inherited": true, - "value": "@AM_ENC_PWD@", - }, - "am.encryption.secret.alias": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.enabled": { - "inherited": true, - "value": false, - }, - "am.encryption.secret.keyPass": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystoreFile": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystorePass": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystoreType": { - "inherited": true, - "value": "JCEKS", - }, - "com.iplanet.security.SecureRandomFactoryImpl": { - "inherited": true, - "value": "com.iplanet.am.util.SecureRandomFactoryImpl", - }, - "com.iplanet.security.encryptor": { - "inherited": true, - "value": "com.iplanet.services.util.JCEEncryption", - }, - }, - "amconfig.header.ocsp.check": { - "com.sun.identity.authentication.ocsp.responder.nickname": { - "inherited": true, - "value": "", - }, - "com.sun.identity.authentication.ocsp.responder.url": { - "inherited": true, - "value": "", - }, - "com.sun.identity.authentication.ocspCheck": { - "inherited": true, - "value": false, - }, - }, - "amconfig.header.securitykey": { - "com.sun.identity.saml.xmlsig.certalias": { - "inherited": true, - "value": "test", - }, - "com.sun.identity.saml.xmlsig.keypass": { - "inherited": true, - "value": "%BASE_DIR%/security/secrets/default/.keypass", - }, - "com.sun.identity.saml.xmlsig.keystore": { - "inherited": true, - "value": "%BASE_DIR%/security/keystores/keystore.jceks", - }, - "com.sun.identity.saml.xmlsig.storepass": { - "inherited": true, - "value": "%BASE_DIR%/security/secrets/default/.storepass", - }, - "com.sun.identity.saml.xmlsig.storetype": { - "inherited": true, - "value": "JCEKS", - }, - }, - "amconfig.header.validation": { - "com.iplanet.am.clientIPCheckEnabled": { - "inherited": true, - "value": false, - }, - "com.iplanet.services.comm.server.pllrequest.maxContentLength": { - "inherited": true, - "value": "16384", + "agentGroup": { + "Test SOAP STS group": { + "_id": "Test SOAP STS group", + "_type": { + "_id": "SoapSTSAgent", + "collection": true, + "name": "SOAP STS Agents", + }, + "publishServicePollInterval": 300, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/session.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-Web-Group.agentGroup.json 1`] = ` { - "_id": "03/properties/session", - "amconfig.header.sessionlogging": { - "com.iplanet.am.stats.interval": { - "inherited": true, - "value": "60", - }, - "com.iplanet.services.stats.directory": { - "inherited": true, - "value": "%BASE_DIR%/var/stats", - }, - "com.iplanet.services.stats.state": { - "inherited": true, - "value": "file", - }, - "com.sun.am.session.enableHostLookUp": { - "inherited": true, - "value": false, - }, - }, - "amconfig.header.sessionnotification": { - "com.iplanet.am.notification.threadpool.size": { - "inherited": true, - "value": "10", - }, - "com.iplanet.am.notification.threadpool.threshold": { - "inherited": true, - "value": "5000", - }, - }, - "amconfig.header.sessionthresholds": { - "com.iplanet.am.session.invalidsessionmaxtime": { - "inherited": true, - "value": "3", - }, - "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { - "inherited": true, - "value": "5000", - }, - }, - "amconfig.header.sessionvalidation": { - "com.sun.am.session.caseInsensitiveDN": { - "inherited": true, - "value": true, + "agentGroup": { + "Test Web Group": { + "_id": "Test Web Group", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/03/uma.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Trusted-JWT-group.agentGroup.json 1`] = ` { - "_id": "03/properties/uma", - "amconfig.org.forgerock.services.resourcesets.store.common.section": { - "org.forgerock.services.resourcesets.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.resourcesets.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.resourcesets.store.root.suffix": { - "inherited": true, - "value": "", - }, - }, - "amconfig.org.forgerock.services.resourcesets.store.external.section": { - "org.forgerock.services.resourcesets.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.resourcesets.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.resourcesets.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.starttls.enabled": { - "inherited": true, - "value": "", + "agentGroup": { + "Trusted JWT group": { + "_id": "Trusted JWT group", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", + }, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", }, }, - "amconfig.org.forgerock.services.uma.labels.store.common.section": { - "org.forgerock.services.uma.labels.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.uma.labels.store.max.connections": { - "inherited": true, - "value": "2", - }, - "org.forgerock.services.uma.labels.store.root.suffix": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/testwebgroup.agentGroup.json 1`] = ` +{ + "agentGroup": { + "testwebgroup": { + "_id": "testwebgroup", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://test.com:8080/cool/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, }, }, - "amconfig.org.forgerock.services.uma.labels.store.external.section": { - "org.forgerock.services.uma.labels.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.labels.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.uma.labels.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` +{ + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": "com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", }, }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { - "org.forgerock.services.uma.pendingrequests.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.uma.pendingrequests.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.pendingrequests.store.root.suffix": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` +{ + "applicationTypes": { + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", }, }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { - "org.forgerock.services.uma.pendingrequests.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.pendingrequests.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` +{ + "applicationTypes": { + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", }, }, - "amconfig.org.forgerock.services.umaaudit.store.common.section": { - "org.forgerock.services.umaaudit.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.umaaudit.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.umaaudit.store.root.suffix": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authentication/root.authentication.settings.json 1`] = ` +{ + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", }, - }, - "amconfig.org.forgerock.services.umaaudit.store.external.section": { - "org.forgerock.services.umaaudit.store.directory.name": { - "inherited": true, - "value": "", + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, }, - "org.forgerock.services.umaaudit.store.heartbeat": { - "inherited": true, - "value": "10", + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", }, - "org.forgerock.services.umaaudit.store.loginid": { - "inherited": true, - "value": "", + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], }, - "org.forgerock.services.umaaudit.store.mtls.enabled": { - "inherited": true, - "value": "", + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, }, - "org.forgerock.services.umaaudit.store.password": { - "inherited": true, - "value": null, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], }, - "org.forgerock.services.umaaudit.store.ssl.enabled": { - "inherited": true, - "value": "", + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, }, - "org.forgerock.services.umaaudit.store.starttls.enabled": { - "inherited": true, - "value": "", + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationChains/amsterService.authenticationChains.json 1`] = ` { - "defaultProperties": { - "advanced": "file://default/advanced.default.properties.server.json", - "cts": "file://default/cts.default.properties.server.json", - "general": "file://default/general.default.properties.server.json", - "sdk": "file://default/sdk.default.properties.server.json", - "security": "file://default/security.default.properties.server.json", - "session": "file://default/session.default.properties.server.json", - "uma": "file://default/uma.default.properties.server.json", - }, - "meta": Any, - "server": { - "04": { - "_id": "04", - "properties": { - "advanced": "file://04/advanced.properties.server.json", - "cts": "file://04/cts.properties.server.json", - "directoryConfiguration": "file://04/directoryConfiguration.properties.server.json", - "general": "file://04/general.properties.server.json", - "sdk": "file://04/sdk.properties.server.json", - "security": "file://04/security.properties.server.json", - "session": "file://04/session.properties.server.json", - "uma": "file://04/uma.properties.server.json", + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", }, - "siteName": null, - "url": "http://localhost:8082/am", + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/advanced.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationChains/ldapService.authenticationChains.json 1`] = ` { - "_id": "04/properties/advanced", - "com.iplanet.am.lbcookie.value": "04", + "authenticationChains": { + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/cts.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/amster.authenticationModules.json 1`] = ` { - "_id": "04/properties/cts", - "amconfig.org.forgerock.services.cts.store.common.section": { - "org.forgerock.services.cts.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.cts.store.max.connections": { - "inherited": true, - "value": "100", - }, - "org.forgerock.services.cts.store.page.size": { - "inherited": true, - "value": "0", - }, - "org.forgerock.services.cts.store.root.suffix": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.vlv.page.size": { - "inherited": true, - "value": "1000", + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster", + }, + "authenticationLevel": 0, + "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", + "enabled": true, }, }, - "amconfig.org.forgerock.services.cts.store.external.section": { - "org.forgerock.services.cts.store.affinity.enabled": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.cts.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.cts.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.cts.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.cts.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/datastore.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store", + }, + "authenticationLevel": 0, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/directoryConfiguration.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/federation.authenticationModules.json 1`] = ` { - "_id": "04/properties/directoryConfiguration", - "directoryConfiguration": { - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "maxConnectionPool": 10, - "minConnectionPool": 1, - "mtlsAlias": "", - "mtlsEnabled": false, - "mtlsKeyPasswordFile": "", - "mtlsKeyStoreFile": "", - "mtlsKeyStorePasswordFile": "", - "mtlsKeyStoreType": null, - }, - "directoryServers": [ - { - "connectionType": "SSL", - "hostName": "localhost", - "portNumber": "50636", - "serverName": "Server1", + "authenticationModules": { + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation", + }, + "authenticationLevel": 0, }, - ], + }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/general.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/hotp.authenticationModules.json 1`] = ` { - "_id": "04/properties/general", - "amconfig.header.debug": { - "com.iplanet.services.debug.directory": { - "inherited": true, - "value": "%BASE_DIR%/var/debug", - }, - "com.iplanet.services.debug.level": { - "inherited": true, - "value": "off", - }, - "com.sun.services.debug.mergeall": { - "inherited": true, - "value": "on", + "authenticationModules": { + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP", + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", }, }, - "amconfig.header.installdir": { - "com.iplanet.am.locale": { - "inherited": true, - "value": "en_US", - }, - "com.iplanet.am.util.xml.validating": { - "inherited": true, - "value": "off", - }, - "com.iplanet.services.configpath": { - "inherited": true, - "value": "%BASE_DIR%", - }, - "com.sun.identity.client.notification.url": { - "inherited": true, - "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/ldap.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP", + }, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAPS", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], }, }, - "amconfig.header.mailserver": { - "com.iplanet.am.smtphost": { - "inherited": true, - "value": "localhost", - }, - "com.iplanet.am.smtpport": { - "inherited": true, - "value": "25", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/oath.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": true, + "name": "OATH", + }, + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, }, }, - "amconfig.header.site": { - "singleChoiceSite": "[Empty]", - }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/sdk.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/sae.authenticationModules.json 1`] = ` { - "_id": "04/properties/sdk", - "amconfig.header.cachingreplica": { - "com.iplanet.am.sdk.cache.maxSize": { - "inherited": true, - "value": "10000", + "authenticationModules": { + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": true, + "name": "SAE", + }, + "authenticationLevel": 0, }, }, - "amconfig.header.datastore": { - "com.sun.identity.sm.enableDataStoreNotification": { - "inherited": true, - "value": false, - }, - "com.sun.identity.sm.notification.threadpool.size": { - "inherited": true, - "value": "1", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", }, }, - "amconfig.header.eventservice": { - "com.iplanet.am.event.connection.delay.between.retries": { - "inherited": true, - "value": "3000", - }, - "com.iplanet.am.event.connection.ldap.error.codes.retries": { - "inherited": true, - "value": "80,81,91", - }, - "com.iplanet.am.event.connection.num.retries": { - "inherited": true, - "value": "3", - }, - "com.sun.am.event.connection.disable.list": { - "inherited": true, - "value": "aci,um,sm", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AND.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", }, }, - "amconfig.header.ldapconnection": { - "com.iplanet.am.ldap.connection.delay.between.retries": { - "inherited": true, - "value": "1000", - }, - "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { - "inherited": true, - "value": "80,81,91", - }, - "com.iplanet.am.ldap.connection.num.retries": { - "inherited": true, - "value": "3", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthLevel", }, }, - "amconfig.header.sdktimetoliveconfig": { - "com.iplanet.am.sdk.cache.entry.default.expire.time": { - "inherited": true, - "value": "30", - }, - "com.iplanet.am.sdk.cache.entry.expire.enabled": { - "inherited": true, - "value": false, - }, - "com.iplanet.am.sdk.cache.entry.user.expire.time": { - "inherited": true, - "value": "15", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", + }, + "applicationName": { + "type": "string", + }, + "authScheme": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthScheme", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/security.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` { - "_id": "04/properties/security", - "amconfig.header.cookie": { - "com.iplanet.am.cookie.encode": { - "inherited": true, - "value": false, - }, - "com.iplanet.am.cookie.name": { - "inherited": true, - "value": "iPlanetDirectoryPro", - }, - "com.iplanet.am.cookie.secure": { - "inherited": true, - "value": false, + "conditionTypes": { + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToRealm", }, }, - "amconfig.header.crlcache": { - "com.sun.identity.crl.cache.directory.host": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.mtlsenabled": { - "inherited": true, - "value": false, - }, - "com.sun.identity.crl.cache.directory.password": { - "inherited": true, - "value": null, - }, - "com.sun.identity.crl.cache.directory.port": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.searchattr": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.searchlocs": { - "inherited": true, - "value": "", - }, - "com.sun.identity.crl.cache.directory.ssl": { - "inherited": true, - "value": false, - }, - "com.sun.identity.crl.cache.directory.user": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToService", }, }, - "amconfig.header.deserialisationwhitelist": { - "openam.deserialisation.classes.whitelist": { - "inherited": true, - "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv4.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv4", }, }, - "amconfig.header.encryption": { - "am.encryption.pwd": { - "inherited": true, - "value": "@AM_ENC_PWD@", - }, - "am.encryption.secret.alias": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.enabled": { - "inherited": true, - "value": false, - }, - "am.encryption.secret.keyPass": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystoreFile": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystorePass": { - "inherited": true, - "value": null, - }, - "am.encryption.secret.keystoreType": { - "inherited": true, - "value": "JCEKS", - }, - "com.iplanet.security.SecureRandomFactoryImpl": { - "inherited": true, - "value": "com.iplanet.am.util.SecureRandomFactoryImpl", - }, - "com.iplanet.security.encryptor": { - "inherited": true, - "value": "com.iplanet.services.util.JCEEncryption", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv6.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv6", }, }, - "amconfig.header.ocsp.check": { - "com.sun.identity.authentication.ocsp.responder.nickname": { - "inherited": true, - "value": "", - }, - "com.sun.identity.authentication.ocsp.responder.url": { - "inherited": true, - "value": "", - }, - "com.sun.identity.authentication.ocspCheck": { - "inherited": true, - "value": false, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LDAPFilter", }, }, - "amconfig.header.securitykey": { - "com.sun.identity.saml.xmlsig.certalias": { - "inherited": true, - "value": "test", - }, - "com.sun.identity.saml.xmlsig.keypass": { - "inherited": true, - "value": "%BASE_DIR%/security/secrets/default/.keypass", - }, - "com.sun.identity.saml.xmlsig.keystore": { - "inherited": true, - "value": "%BASE_DIR%/security/keystores/keystore.jceks", - }, - "com.sun.identity.saml.xmlsig.storepass": { - "inherited": true, - "value": "%BASE_DIR%/security/secrets/default/.storepass", - }, - "com.sun.identity.saml.xmlsig.storetype": { - "inherited": true, - "value": "JCEKS", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LEAuthLevel", }, }, - "amconfig.header.validation": { - "com.iplanet.am.clientIPCheckEnabled": { - "inherited": true, - "value": false, - }, - "com.iplanet.services.comm.server.pllrequest.maxContentLength": { - "inherited": true, - "value": "16384", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/NOT.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/session.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` { - "_id": "04/properties/session", - "amconfig.header.sessionlogging": { - "com.iplanet.am.stats.interval": { - "inherited": true, - "value": "60", - }, - "com.iplanet.services.stats.directory": { - "inherited": true, - "value": "%BASE_DIR%/var/stats", - }, - "com.iplanet.services.stats.state": { - "inherited": true, - "value": "file", - }, - "com.sun.am.session.enableHostLookUp": { - "inherited": true, - "value": false, + "conditionTypes": { + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "OAuth2Scope", }, }, - "amconfig.header.sessionnotification": { - "com.iplanet.am.notification.threadpool.size": { - "inherited": true, - "value": "10", - }, - "com.iplanet.am.notification.threadpool.threshold": { - "inherited": true, - "value": "5000", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OR.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", }, }, - "amconfig.header.sessionthresholds": { - "com.iplanet.am.session.invalidsessionmaxtime": { - "inherited": true, - "value": "3", - }, - "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { - "inherited": true, - "value": "5000", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Policy.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", }, }, - "amconfig.header.sessionvalidation": { - "com.sun.am.session.caseInsensitiveDN": { - "inherited": true, - "value": true, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "ResourceEnvIP", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/04/uma.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Script.conditionTypes.json 1`] = ` { - "_id": "04/properties/uma", - "amconfig.org.forgerock.services.resourcesets.store.common.section": { - "org.forgerock.services.resourcesets.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.resourcesets.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.resourcesets.store.root.suffix": { - "inherited": true, - "value": "", + "conditionTypes": { + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Script", }, }, - "amconfig.org.forgerock.services.resourcesets.store.external.section": { - "org.forgerock.services.resourcesets.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.resourcesets.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.resourcesets.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.resourcesets.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Session.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer", + }, + "terminateSession": { + "required": true, + "type": "boolean", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Session", }, }, - "amconfig.org.forgerock.services.uma.labels.store.common.section": { - "org.forgerock.services.uma.labels.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.uma.labels.store.max.connections": { - "inherited": true, - "value": "2", - }, - "org.forgerock.services.uma.labels.store.root.suffix": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SessionProperty", }, }, - "amconfig.org.forgerock.services.uma.labels.store.external.section": { - "org.forgerock.services.uma.labels.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.labels.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.uma.labels.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.labels.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", + }, + "endDay": { + "type": "string", + }, + "endTime": { + "type": "string", + }, + "enforcementTimeZone": { + "type": "string", + }, + "startDate": { + "type": "string", + }, + "startDay": { + "type": "string", + }, + "startTime": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SimpleTime", }, }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { - "org.forgerock.services.uma.pendingrequests.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.uma.pendingrequests.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.pendingrequests.store.root.suffix": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Transaction.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", + }, + "strategySpecifier": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Transaction", }, }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { - "org.forgerock.services.uma.pendingrequests.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.uma.pendingrequests.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/cot/Test-COT.cot.saml.json 1`] = ` +{ + "meta": Any, + "saml": { + "cot": { + "Test COT": { + "_id": "Test COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [], + }, }, + "hosted": {}, + "metadata": {}, + "remote": {}, }, - "amconfig.org.forgerock.services.umaaudit.store.common.section": { - "org.forgerock.services.umaaudit.store.location": { - "inherited": true, - "value": "default", - }, - "org.forgerock.services.umaaudit.store.max.connections": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.umaaudit.store.root.suffix": { - "inherited": true, - "value": "", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` +{ + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", }, }, - "amconfig.org.forgerock.services.umaaudit.store.external.section": { - "org.forgerock.services.umaaudit.store.directory.name": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.heartbeat": { - "inherited": true, - "value": "10", - }, - "org.forgerock.services.umaaudit.store.loginid": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.mtls.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.password": { - "inherited": true, - "value": null, - }, - "org.forgerock.services.umaaudit.store.ssl.enabled": { - "inherited": true, - "value": "", - }, - "org.forgerock.services.umaaudit.store.starttls.enabled": { - "inherited": true, - "value": "", + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/idp/Google-Test.idp.json 1`] = ` +{ + "idp": { + "Google Test": { + "_id": "Google Test", + "_type": { + "_id": "googleConfig", + "collection": true, + "name": "Client configuration for Google.", + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "test", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://accounts.google.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://testurl.com", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "transform": "58d29080-4563-480b-89bb-1e7719776a21", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "Google", + "buttonImage": "images/g-logo.png", + "iconBackground": "#4184f3", + "iconClass": "fa-google", + "iconFontColor": "white", + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/advanced.default.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Agent.journey.json 1`] = ` { - "_id": "null/properties/advanced", - "com.iplanet.am.buildDate": "2024-March-28 16:00", - "com.iplanet.am.buildRevision": "89116d59a1ebe73ed1931dd3649adb7f217cd06b", - "com.iplanet.am.buildVersion": "ForgeRock Access Management 7.5.0", - "com.iplanet.am.cookie.c66Encode": true, - "com.iplanet.am.daemons": "securid", - "com.iplanet.am.directory.ssl.enabled": false, - "com.iplanet.am.installdir": "%BASE_DIR%", - "com.iplanet.am.jssproxy.SSLTrustHostList": "", - "com.iplanet.am.jssproxy.checkSubjectAltName": false, - "com.iplanet.am.jssproxy.resolveIPAddress": false, - "com.iplanet.am.jssproxy.trustAllServerCerts": false, - "com.iplanet.am.lbcookie.name": "amlbcookie", - "com.iplanet.am.lbcookie.value": "00", - "com.iplanet.am.logstatus": "ACTIVE", - "com.iplanet.am.pcookie.name": "DProPCookie", - "com.iplanet.am.profile.host": "%SERVER_HOST%", - "com.iplanet.am.profile.port": "%SERVER_PORT%", - "com.iplanet.am.serverMode": true, - "com.iplanet.am.session.agentSessionIdleTime": "1440", - "com.iplanet.am.session.client.polling.enable": false, - "com.iplanet.am.session.client.polling.period": "180", - "com.iplanet.am.session.httpSession.enabled": "true", - "com.iplanet.am.version": "ForgeRock Access Management 7.5.0 Build 89116d59a1ebe73ed1931dd3649adb7f217cd06b (2024-March-28 16:00)", - "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", - "com.sun.am.event.notification.expire.time": "5", - "com.sun.embedded.sync.servers": "on", - "com.sun.identity.am.cookie.check": false, - "com.sun.identity.auth.cookieName": "AMAuthCookie", - "com.sun.identity.authentication.multiple.tabs.used": false, - "com.sun.identity.authentication.setCookieToAllDomains": true, - "com.sun.identity.authentication.special.users": "cn=dsameuser,ou=DSAME Users,%ROOT_SUFFIX%|cn=amService-UrlAccessAgent,ou=DSAME Users,%ROOT_SUFFIX%", - "com.sun.identity.authentication.super.user": "uid=amAdmin,ou=People,%ROOT_SUFFIX%", - "com.sun.identity.authentication.uniqueCookieName": "sunIdentityServerAuthNServer", - "com.sun.identity.cookie.httponly": true, - "com.sun.identity.cookie.samesite": "off", - "com.sun.identity.enableUniqueSSOTokenCookie": false, - "com.sun.identity.jss.donotInstallAtHighestPriority": true, - "com.sun.identity.monitoring": "off", - "com.sun.identity.monitoring.local.conn.server.url": "service:jmx:rmi://", - "com.sun.identity.password.deploymentDescriptor": "%SERVER_URI%", - "com.sun.identity.plugin.configuration.class": "@CONFIGURATION_PROVIDER_CLASS@", - "com.sun.identity.plugin.datastore.class.default": "@DATASTORE_PROVIDER_CLASS@", - "com.sun.identity.plugin.log.class": "@LOG_PROVIDER_CLASS@", - "com.sun.identity.plugin.monitoring.agent.class": "@MONAGENT_PROVIDER_CLASS@", - "com.sun.identity.plugin.monitoring.saml2.class": "@MONSAML2_PROVIDER_CLASS@", - "com.sun.identity.plugin.session.class": "@SESSION_PROVIDER_CLASS@", - "com.sun.identity.policy.Policy.policy_evaluation_weights": "10:10:10", - "com.sun.identity.policy.resultsCacheMaxSize": "10000", - "com.sun.identity.policy.resultsCacheResourceCap": "20", - "com.sun.identity.saml.xmlsig.keyprovider.class": "@XMLSIG_KEY_PROVIDER@", - "com.sun.identity.saml.xmlsig.passwordDecoder": "@PASSWORD_DECODER_CLASS@", - "com.sun.identity.saml.xmlsig.signatureprovider.class": "@XML_SIGNATURE_PROVIDER@", - "com.sun.identity.security.checkcaller": false, - "com.sun.identity.server.fqdnMap[dnsfirst]": "dnsfirst", - "com.sun.identity.server.fqdnMap[hello]": "hello", - "com.sun.identity.server.fqdnMap[localhost]": "localhost", - "com.sun.identity.server.fqdnMap[openam-frodo-dev.classic.com]": "openam-frodo-dev.classic.com", - "com.sun.identity.server.fqdnMap[openam]": "openam", - "com.sun.identity.server.fqdnMap[secondDNS]": "secondDNS", - "com.sun.identity.session.repository.enableAttributeCompression": false, - "com.sun.identity.session.repository.enableCompression": false, - "com.sun.identity.session.repository.enableEncryption": false, - "com.sun.identity.sm.cache.ttl": "30", - "com.sun.identity.sm.cache.ttl.enable": false, - "com.sun.identity.url.readTimeout": "30000", - "com.sun.identity.webcontainer": "WEB_CONTAINER", - "dynamic.datastore.creation.enabled": false, - "openam.auth.destroy_session_after_upgrade": true, - "openam.auth.distAuthCookieName": "AMDistAuthCookie", - "openam.auth.session_property_upgrader": "org.forgerock.openam.authentication.service.DefaultSessionPropertyUpgrader", - "openam.auth.version.header.enabled": false, - "openam.authentication.ignore_goto_during_logout": false, - "openam.cdm.default.charset": "UTF-8", - "openam.forbidden.to.copy.headers": "connection", - "openam.forbidden.to.copy.request.headers": "connection", - "openam.oauth2.client.jwt.encryption.algorithm.allow.list": "RSA-OAEP,RSA-OAEP-256,ECDH-ES", - "openam.oauth2.client.jwt.unreasonable.lifetime.limit.minutes": "30", - "openam.retained.http.headers": "X-DSAMEVersion", - "openam.retained.http.request.headers": "X-DSAMEVersion", - "openam.serviceattributevalidator.classes.whitelist": "org.forgerock.openam.auth.nodes.validators.GreaterThanZeroValidator,org.forgerock.openam.auth.nodes.validators.HMACKeyLengthValidator,org.forgerock.openam.auth.nodes.validators.HmacSigningKeyValidator,org.forgerock.openam.auth.nodes.validators.PercentageValidator,org.forgerock.openam.auth.nodes.validators.QueryFilterValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyNameValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyValidator,org.forgerock.openam.auth.nodes.framework.validators.NodeValueValidator,org.forgerock.openam.audit.validation.PositiveIntegerValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.AlphaNumericValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.CodeLengthValidator,org.forgerock.openam.authentication.modules.persistentcookie.validation.SigningKeyValidator,com.sun.identity.common.configuration.DuplicateKeyMapValueValidator,com.sun.identity.common.configuration.AgentClientIpModeValueValidator,com.sun.identity.common.configuration.FilterModeValueValidator,com.sun.identity.common.configuration.GlobalMapValueValidator,com.sun.identity.common.configuration.ListValueValidator,com.sun.identity.common.configuration.MapValueValidator,com.sun.identity.common.configuration.ServerPropertyValidator,com.sun.identity.policy.ResourceComparatorValidator,com.sun.identity.sm.EmailValidator,com.sun.identity.sm.IPAddressValidator,com.sun.identity.sm.RequiredValueValidator,com.sun.identity.sm.ServerIDValidator,com.sun.identity.sm.SiteIDValidator,org.forgerock.openam.sm.validation.Base64EncodedBinaryValidator,org.forgerock.openam.sm.validation.BlankValueValidator,org.forgerock.openam.sm.validation.DurationValidator,org.forgerock.openam.sm.validation.EndpointValidator,org.forgerock.openam.sm.validation.HostnameValidator,org.forgerock.openam.sm.validation.PortValidator,org.forgerock.openam.sm.validation.SecretIdValidator,org.forgerock.openam.sm.validation.StatelessSessionSigningAlgorithmValidator,org.forgerock.openam.sm.validation.StringMapValidator,org.forgerock.openam.sm.validation.URLValidator,org.forgerock.openam.selfservice.config.KeyAliasValidator,org.forgerock.openam.sm.validation.UniqueIndexedValuesValidator,org.forgerock.openam.webhook.HttpHeaderValidator,org.forgerock.oauth2.core.ClientRedirectUriValidator", - "openam.session.case.sensitive.uuid": false, - "org.forgerock.allow.http.client.debug": false, - "org.forgerock.am.auth.chains.authindexuser.strict": true, - "org.forgerock.am.auth.node.otp.inSharedState": false, - "org.forgerock.am.auth.trees.authenticate.identified.identity": true, - "org.forgerock.openam.audit.additionalSuccessStatusCodesEnabled": true, - "org.forgerock.openam.audit.identity.activity.events.blacklist": "AM-ACCESS-ATTEMPT,AM-IDENTITY-CHANGE,AM-GROUP-CHANGE", - "org.forgerock.openam.auth.transactionauth.returnErrorOnAuthFailure": false, - "org.forgerock.openam.authLevel.excludeRequiredOrRequisite": false, - "org.forgerock.openam.authentication.forceAuth.enabled": false, - "org.forgerock.openam.console.autocomplete.enabled": true, - "org.forgerock.openam.core.resource.lookup.cache.enabled": true, - "org.forgerock.openam.core.sms.placeholder_api_enabled": "OFF", - "org.forgerock.openam.devices.recovery.use_insecure_storage": false, - "org.forgerock.openam.encryption.key.digest": "SHA1", - "org.forgerock.openam.encryption.key.iterations": "10000", - "org.forgerock.openam.encryption.key.size": "128", - "org.forgerock.openam.httpclienthandler.system.clients.connection.timeout": "10 seconds", - "org.forgerock.openam.httpclienthandler.system.clients.max.connections": "64", - "org.forgerock.openam.httpclienthandler.system.clients.pool.ttl": "-1", - "org.forgerock.openam.httpclienthandler.system.clients.response.timeout": "10 seconds", - "org.forgerock.openam.httpclienthandler.system.clients.retry.failed.requests.enabled": true, - "org.forgerock.openam.httpclienthandler.system.clients.reuse.connections.enabled": true, - "org.forgerock.openam.httpclienthandler.system.nonProxyHosts": "localhost,127.*,[::1],0.0.0.0,[::0]", - "org.forgerock.openam.httpclienthandler.system.proxy.enabled": false, - "org.forgerock.openam.httpclienthandler.system.proxy.password": null, - "org.forgerock.openam.httpclienthandler.system.proxy.uri": "", - "org.forgerock.openam.httpclienthandler.system.proxy.username": "", - "org.forgerock.openam.idm.attribute.names.lower.case": false, - "org.forgerock.openam.idrepo.ldapv3.passwordpolicy.allowDiagnosticMessage": false, - "org.forgerock.openam.idrepo.ldapv3.proxyauth.passwordreset.adminRequest": "isAdminPasswordChangeRequest", - "org.forgerock.openam.introspect.token.query.param.allowed": false, - "org.forgerock.openam.ldap.dncache.expire.time": "0", - "org.forgerock.openam.ldap.heartbeat.timeout": "10", - "org.forgerock.openam.ldap.keepalive.search.base": "", - "org.forgerock.openam.ldap.keepalive.search.filter": "(objectClass=*)", - "org.forgerock.openam.ldap.secure.protocol.version": "TLSv1.3,TLSv1.2", - "org.forgerock.openam.notifications.agents.enabled": true, - "org.forgerock.openam.oauth2.checkIssuerForIdTokenInfo": true, - "org.forgerock.openam.radius.server.context.cache.size": "5000", - "org.forgerock.openam.redirecturlvalidator.maxUrlLength": "2000", - "org.forgerock.openam.request.max.bytes.entity.size": "1048576", - "org.forgerock.openam.saml2.authenticatorlookup.skewAllowance": "60", - "org.forgerock.openam.scripting.maxinterpreterstackdepth": "10000", - "org.forgerock.openam.secrets.special.user.passwords.format": "ENCRYPTED_PLAIN", - "org.forgerock.openam.secrets.special.user.secret.refresh.seconds": "900", - "org.forgerock.openam.session.service.persistence.deleteAsynchronously": true, - "org.forgerock.openam.session.stateless.encryption.method": "A128CBC-HS256", - "org.forgerock.openam.session.stateless.rsa.padding": "RSA-OAEP-256", - "org.forgerock.openam.session.stateless.signing.allownone": false, - "org.forgerock.openam.showServletTraceInBrowser": false, - "org.forgerock.openam.slf4j.enableTraceInMessage": false, - "org.forgerock.openam.smtp.system.connect.timeout": "10000", - "org.forgerock.openam.smtp.system.socket.read.timeout": "10000", - "org.forgerock.openam.smtp.system.socket.write.timeout": "10000", - "org.forgerock.openam.sso.providers.list": "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOProvider", - "org.forgerock.openam.timerpool.shutdown.retry.interval": "15000", - "org.forgerock.openam.timerpool.shutdown.retry.limit": "3", - "org.forgerock.openam.timerpool.shutdown.retry.multiplier": "1.5", - "org.forgerock.openam.trees.consumedstatedata.cache.size": "15", - "org.forgerock.openam.trees.ids.cache.size": "50", - "org.forgerock.openam.url.connectTimeout": "1000", - "org.forgerock.openam.xui.user.session.validation.enabled": true, - "org.forgerock.openidconnect.ssoprovider.maxcachesize": "5000", - "org.forgerock.security.entitlement.enforce.realm": true, - "org.forgerock.security.oauth2.enforce.sub.claim.uniqueness": true, - "org.forgerock.services.cts.store.reaper.enabled": true, - "org.forgerock.services.cts.store.ttlsupport.enabled": false, - "org.forgerock.services.cts.store.ttlsupport.exclusionlist": "", - "org.forgerock.services.default.store.max.connections": "", - "org.forgerock.services.default.store.min.connections": "", - "org.forgerock.services.openid.request.object.lifespan": "120000", - "securidHelper.ports": "58943", + "meta": Any, + "trees": { + "Agent": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AgentDataStoreDecisionNode", + "collection": true, + "name": "Agent Data Store Decision", + }, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Agent", + "description": "null", + "enabled": true, + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/cts.default.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Example.journey.json 1`] = ` { - "_id": "null/properties/cts", - "amconfig.org.forgerock.services.cts.store.common.section": { - "org.forgerock.services.cts.store.location": "default", - "org.forgerock.services.cts.store.max.connections": "100", - "org.forgerock.services.cts.store.page.size": "0", - "org.forgerock.services.cts.store.root.suffix": "", - "org.forgerock.services.cts.store.vlv.page.size": "1000", - }, - "amconfig.org.forgerock.services.cts.store.external.section": { - "org.forgerock.services.cts.store.directory.name": "", - "org.forgerock.services.cts.store.heartbeat": "10", - "org.forgerock.services.cts.store.loginid": "", - "org.forgerock.services.cts.store.mtls.enabled": "", - "org.forgerock.services.cts.store.password": null, - "org.forgerock.services.cts.store.ssl.enabled": "", - "org.forgerock.services.cts.store.starttls.enabled": "", + "meta": Any, + "trees": { + "Example": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Example", + "description": "null", + "enabled": true, + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "connections": { + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "connections": { + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "connections": { + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/general.default.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` { - "_id": "null/properties/general", - "amconfig.header.debug": { - "com.iplanet.services.debug.directory": "%BASE_DIR%/var/debug", - "com.iplanet.services.debug.level": "off", - "com.sun.services.debug.mergeall": "on", - }, - "amconfig.header.installdir": { - "com.iplanet.am.locale": "en_US", - "com.iplanet.am.util.xml.validating": "off", - "com.iplanet.services.configpath": "%BASE_DIR%", - "com.sun.identity.client.notification.url": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", - }, - "amconfig.header.mailserver": { - "com.iplanet.am.smtphost": "localhost", - "com.iplanet.am.smtpport": "25", + "meta": Any, + "trees": { + "Facebook-ProvisionIDMAccount": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialFacebookNode", + "collection": true, + "name": "Social Facebook", + }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionIdmAccountNode", + "collection": true, + "name": "Provision IDM Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + }, + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + "x": 0, + "y": 0, + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/sdk.default.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-AnonymousUser.journey.json 1`] = ` { - "_id": "null/properties/sdk", - "amconfig.header.cachingreplica": { - "com.iplanet.am.sdk.cache.maxSize": "10000", - }, - "amconfig.header.datastore": { - "com.sun.identity.sm.enableDataStoreNotification": false, - "com.sun.identity.sm.notification.threadpool.size": "1", - }, - "amconfig.header.eventservice": { - "com.iplanet.am.event.connection.delay.between.retries": "3000", - "com.iplanet.am.event.connection.ldap.error.codes.retries": "80,81,91", - "com.iplanet.am.event.connection.num.retries": "3", - "com.sun.am.event.connection.disable.list": "aci,um,sm", - }, - "amconfig.header.ldapconnection": { - "com.iplanet.am.ldap.connection.delay.between.retries": "1000", - "com.iplanet.am.ldap.connection.ldap.error.codes.retries": "80,81,91", - "com.iplanet.am.ldap.connection.num.retries": "3", - }, - "amconfig.header.sdktimetoliveconfig": { - "com.iplanet.am.sdk.cache.entry.default.expire.time": "30", - "com.iplanet.am.sdk.cache.entry.expire.enabled": false, - "com.iplanet.am.sdk.cache.entry.user.expire.time": "15", + "meta": Any, + "trees": { + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetSuccessUrlNode", + "collection": true, + "name": "Success URL", + }, + "successUrl": "https://www.forgerock.com/", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AnonymousUserNode", + "collection": true, + "name": "Anonymous User Mapping", + }, + "anonymousUserName": "anonymous", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-AnonymousUser", + "description": "null", + "enabled": true, + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", + "x": 0, + "y": 0, + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + "x": 0, + "y": 0, + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "connections": { + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + }, + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/security.default.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-DynamicAccountCreation.journey.json 1`] = ` { - "_id": "null/properties/security", - "amconfig.header.cookie": { - "com.iplanet.am.cookie.encode": false, - "com.iplanet.am.cookie.name": "iPlanetDirectoryPro", - "com.iplanet.am.cookie.secure": false, - }, - "amconfig.header.crlcache": { - "com.sun.identity.crl.cache.directory.host": "", - "com.sun.identity.crl.cache.directory.mtlsenabled": false, - "com.sun.identity.crl.cache.directory.password": null, - "com.sun.identity.crl.cache.directory.port": "", - "com.sun.identity.crl.cache.directory.searchattr": "", - "com.sun.identity.crl.cache.directory.searchlocs": "", - "com.sun.identity.crl.cache.directory.ssl": false, - "com.sun.identity.crl.cache.directory.user": "", - }, - "amconfig.header.deserialisationwhitelist": { - "openam.deserialisation.classes.whitelist": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", - }, - "amconfig.header.encryption": { - "am.encryption.pwd": "@AM_ENC_PWD@", - "am.encryption.secret.enabled": false, - "am.encryption.secret.keystoreType": "JCEKS", - "com.iplanet.security.SecureRandomFactoryImpl": "com.iplanet.am.util.SecureRandomFactoryImpl", - "com.iplanet.security.encryptor": "com.iplanet.services.util.JCEEncryption", - }, - "amconfig.header.ocsp.check": { - "com.sun.identity.authentication.ocsp.responder.nickname": "", - "com.sun.identity.authentication.ocsp.responder.url": "", - "com.sun.identity.authentication.ocspCheck": false, - }, - "amconfig.header.securitykey": { - "com.sun.identity.saml.xmlsig.certalias": "test", - "com.sun.identity.saml.xmlsig.keypass": "%BASE_DIR%/security/secrets/default/.keypass", - "com.sun.identity.saml.xmlsig.keystore": "%BASE_DIR%/security/keystores/keystore.jceks", - "com.sun.identity.saml.xmlsig.storepass": "%BASE_DIR%/security/secrets/default/.storepass", - "com.sun.identity.saml.xmlsig.storetype": "JCEKS", - }, - "amconfig.header.validation": { - "com.iplanet.am.clientIPCheckEnabled": false, - "com.iplanet.services.comm.server.pllrequest.maxContentLength": "16384", + "meta": Any, + "trees": { + "Google-DynamicAccountCreation": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionDynamicAccountNode", + "collection": true, + "name": "Provision Dynamic Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "CreatePasswordNode", + "collection": true, + "name": "Create Password", + }, + "minPasswordLength": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-DynamicAccountCreation", + "description": "null", + "enabled": true, + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision Dynamic Account", + "nodeType": "ProvisionDynamicAccountNode", + "x": 0, + "y": 0, + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "connections": { + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + }, + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", + "x": 0, + "y": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + "x": 0, + "y": 0, + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "connections": { + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + "x": 0, + "y": 0, + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "connections": { + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + "x": 0, + "y": 0, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/session.default.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/HmacOneTimePassword.journey.json 1`] = ` { - "_id": "null/properties/session", - "amconfig.header.sessionlogging": { - "com.iplanet.am.stats.interval": "60", - "com.iplanet.services.stats.directory": "%BASE_DIR%/var/stats", - "com.iplanet.services.stats.state": "file", - "com.sun.am.session.enableHostLookUp": false, - }, - "amconfig.header.sessionnotification": { - "com.iplanet.am.notification.threadpool.size": "10", - "com.iplanet.am.notification.threadpool.threshold": "5000", - }, - "amconfig.header.sessionthresholds": { - "com.iplanet.am.session.invalidsessionmaxtime": "3", - "org.forgerock.openam.session.service.access.persistence.caching.maxsize": "5000", - }, - "amconfig.header.sessionvalidation": { - "com.sun.am.session.caseInsensitiveDN": true, + "meta": Any, + "trees": { + "HmacOneTimePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "HmacOneTimePassword", + "description": "null", + "enabled": true, + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "connections": { + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + "x": 743.0625, + "y": 58.5, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + "x": 1109.09375, + "y": 35.859375, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 546.546875, + "y": 35.859375, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 353.9375, + "y": 58.5, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "connections": { + "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + "x": 920.625, + "y": 58.5, + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "connections": { + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 152, + "y": 58.5, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1326.34375, + "y": 92, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1326.34375, + "y": 25, + }, + "startNode": { + "x": 50, + "y": 58.5, + }, + }, + "uiConfig": {}, + }, + }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/server/default/uma.default.properties.server.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PersistentCookie.journey.json 1`] = ` { - "_id": "null/properties/uma", - "amconfig.org.forgerock.services.resourcesets.store.common.section": { - "org.forgerock.services.resourcesets.store.location": "default", - "org.forgerock.services.resourcesets.store.max.connections": "10", - "org.forgerock.services.resourcesets.store.root.suffix": "", - }, - "amconfig.org.forgerock.services.resourcesets.store.external.section": { - "org.forgerock.services.resourcesets.store.directory.name": "", - "org.forgerock.services.resourcesets.store.heartbeat": "10", - "org.forgerock.services.resourcesets.store.loginid": "", - "org.forgerock.services.resourcesets.store.mtls.enabled": "", - "org.forgerock.services.resourcesets.store.password": null, - "org.forgerock.services.resourcesets.store.ssl.enabled": "", - "org.forgerock.services.resourcesets.store.starttls.enabled": "", - }, - "amconfig.org.forgerock.services.uma.labels.store.common.section": { - "org.forgerock.services.uma.labels.store.location": "default", - "org.forgerock.services.uma.labels.store.max.connections": "2", - "org.forgerock.services.uma.labels.store.root.suffix": "", - }, - "amconfig.org.forgerock.services.uma.labels.store.external.section": { - "org.forgerock.services.uma.labels.store.directory.name": "", - "org.forgerock.services.uma.labels.store.heartbeat": "10", - "org.forgerock.services.uma.labels.store.loginid": "", - "org.forgerock.services.uma.labels.store.mtls.enabled": "", - "org.forgerock.services.uma.labels.store.password": null, - "org.forgerock.services.uma.labels.store.ssl.enabled": "", - "org.forgerock.services.uma.labels.store.starttls.enabled": "", - }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { - "org.forgerock.services.uma.pendingrequests.store.location": "default", - "org.forgerock.services.uma.pendingrequests.store.max.connections": "10", - "org.forgerock.services.uma.pendingrequests.store.root.suffix": "", - }, - "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { - "org.forgerock.services.uma.pendingrequests.store.directory.name": "", - "org.forgerock.services.uma.pendingrequests.store.heartbeat": "10", - "org.forgerock.services.uma.pendingrequests.store.loginid": "", - "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": "", - "org.forgerock.services.uma.pendingrequests.store.password": null, - "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": "", - "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": "", - }, - "amconfig.org.forgerock.services.umaaudit.store.common.section": { - "org.forgerock.services.umaaudit.store.location": "default", - "org.forgerock.services.umaaudit.store.max.connections": "10", - "org.forgerock.services.umaaudit.store.root.suffix": "", + "meta": Any, + "trees": { + "PersistentCookie": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", + }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "PersistentCookieDecisionNode", + "collection": true, + "name": "Persistent Cookie Decision", + }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PersistentCookie", + "description": "null", + "enabled": true, + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "connections": { + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + "x": 0, + "y": 0, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", + "x": 0, + "y": 0, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "connections": { + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, }, - "amconfig.org.forgerock.services.umaaudit.store.external.section": { - "org.forgerock.services.umaaudit.store.directory.name": "", - "org.forgerock.services.umaaudit.store.heartbeat": "10", - "org.forgerock.services.umaaudit.store.loginid": "", - "org.forgerock.services.umaaudit.store.mtls.enabled": "", - "org.forgerock.services.umaaudit.store.password": null, - "org.forgerock.services.umaaudit.store.ssl.enabled": "", - "org.forgerock.services.umaaudit.store.starttls.enabled": "", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformForgottenUsername.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identityAttribute": "mail", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/serverInformation/information.serverInformation.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformLogin.journey.json 1`] = ` { "meta": Any, - "serverInformation": { - "*": { - "_id": "*", - "cookieName": "iPlanetDirectoryPro", - "domains": [], - "fileBasedConfiguration": false, - "forgotPassword": "false", - "forgotUsername": "false", - "kbaEnabled": "false", - "lang": "en-US", - "protectedUserAttributes": [ - "telephoneNumber", - "mail", - ], - "realm": "/", - "referralsEnabled": "false", - "secureCookie": false, - "selfRegistration": "false", - "socialImplementations": [], - "successfulUserRegistrationDestination": "default", - "userIdAttributes": [], - "xuiUserSessionValidationEnabled": true, - "zeroPageLogin": { - "allowedWithoutReferer": true, - "enabled": false, - "refererWhitelist": [], + "trees": { + "PlatformLogin": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformProgressiveProfile", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformLogin", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/serverVersion/version.serverVersion.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformProgressiveProfile.journey.json 1`] = ` { "meta": Any, - "serverVersion": { - "version": { - "_id": "version", - "date": "2024-March-28 16:00", - "fullVersion": "ForgeRock Access Management 7.5.0 Build 89116d59a1ebe73ed1931dd3649adb7f217cd06b (2024-March-28 16:00)", - "revision": "89116d59a1ebe73ed1931dd3649adb7f217cd06b", - "version": "7.5.0", + "trees": { + "PlatformProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, + }, + }, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision", + }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", + }, + "stage": "null", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision", + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + "x": 0, + "y": 0, + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + "x": 0, + "y": 0, + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/ConfigurationVersionService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformRegistration.journey.json 1`] = ` { "meta": Any, - "service": { - "ConfigurationVersionService": { - "_id": "", - "_type": { - "_id": "ConfigurationVersionService", - "collection": false, - "name": "Configuration Version Service", + "trees": { + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, + }, + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + "x": 0, + "y": 0, + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "appliedRuleIds": [ - "AME-23273", - "AME-21032", - "AME-21768", - ], - "configurationVersion": "8.0.0.0", - "location": "global", - "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/CorsService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformResetPassword.journey.json 1`] = ` { "meta": Any, - "service": { - "CorsService": { - "_id": "", - "_type": { - "_id": "CorsService", - "collection": false, - "name": "CORS Service", + "trees": { + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "enabled": true, - "location": "global", - "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/DataStoreService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformUpdatePassword.journey.json 1`] = ` { "meta": Any, - "service": { - "DataStoreService": { - "_id": "", - "_type": { - "_id": "DataStoreService", - "collection": false, - "name": "External Data Stores", + "trees": { + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, }, - "defaults": { - "applicationDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", - "policyDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + "x": 0, + "y": 0, + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "location": "global", - "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/GoogleCloudServiceAccountService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/RetryLimit.journey.json 1`] = ` { "meta": Any, - "service": { - "GoogleCloudServiceAccountService": { - "_id": "", - "_type": { - "_id": "GoogleCloudServiceAccountService", - "collection": false, - "name": "Google Cloud Platform Service Accounts", - }, - "enabled": true, - "location": "global", - "nextDescendents": [ - { - "_id": "default", + "trees": { + "RetryLimit": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "serviceAccounts", + "_id": "UsernameCollectorNode", "collection": true, - "name": "GCP Service Account", + "name": "Username Collector", }, - "allowedRealms": [ - "*", + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, ], - "allowedSecretNamePatterns": [ - "*", + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], - "disallowedSecretNamePatterns": [], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, }, - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/IdentityAssertionService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "IdentityAssertionService": { - "_id": "", - "_type": { - "_id": "IdentityAssertionService", - "collection": false, - "name": "Identity Assertion Service", - }, - "cacheDuration": 120, - "defaults": { - "cacheDuration": 120, - "enable": true, - }, - "enable": true, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/RadiusServerService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "RadiusServerService": { - "_id": "", - "_type": { - "_id": "RadiusServerService", - "collection": false, - "name": "RADIUS Server", - }, - "location": "global", - "nextDescendents": [], - "radiusListenerEnabled": "NO", - "radiusServerPort": 1812, - "radiusThreadPoolCoreSize": 1, - "radiusThreadPoolKeepaliveSeconds": 10, - "radiusThreadPoolMaxSize": 10, - "radiusThreadPoolQueueSize": 20, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/RemoteConsentService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "RemoteConsentService": { - "_id": "", - "_type": { - "_id": "RemoteConsentService", - "collection": false, - "name": "Remote Consent Service", - }, - "defaults": { - "consentResponseTimeLimit": 2, - "jwkStoreCacheMissCacheTime": 1, - "jwkStoreCacheTimeout": 5, - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/SocialIdentityProviders.service.json 1`] = ` -{ - "meta": Any, - "service": { - "SocialIdentityProviders": { - "_id": "", - "_type": { - "_id": "SocialIdentityProviders", - "collection": false, - "name": "Social Identity Provider Service", - }, - "defaults": { - "enabled": true, - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/amSessionPropertyWhitelist.service.json 1`] = ` -{ - "meta": Any, - "service": { - "amSessionPropertyWhitelist": { - "_id": "", - "_type": { - "_id": "amSessionPropertyWhitelist", - "collection": false, - "name": "Session Property Whitelist Service", - }, - "defaults": { - "sessionPropertyWhitelist": [ - "AMCtxId", - ], - "whitelistedQueryProperties": [], - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/androidKeyAttestation.service.json 1`] = ` -{ - "meta": Any, - "service": { - "androidKeyAttestation": { - "_id": "", - "_type": { - "_id": "androidKeyAttestation", - "collection": false, - "name": "Android Key Attestation", - }, - "cacheDuration": 24, - "defaults": { - "crlUrl": "https://android.googleapis.com/attestation/status", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/audit.service.json 1`] = ` -{ - "meta": Any, - "service": { - "audit": { - "_id": "", - "_type": { - "_id": "audit", - "collection": false, - "name": "Audit Logging", - }, - "auditEnabled": true, - "blacklistFieldFilters": [], - "defaults": { - "auditEnabled": true, - "blacklistFieldFilters": [], - "whitelistFieldFilters": [], - }, - "location": "global", - "nextDescendents": [ - { - "_id": "Global JSON Handler", + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], "_type": { - "_id": "JSON", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "JSON", + "name": "Data Store Decision", }, - "commonHandler": { - "enabled": true, - "topics": [ - "access", - "activity", - "config", - "authentication", - ], + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", }, - "commonHandlerPlugin": { - "handlerFactory": "org.forgerock.openam.audit.events.handlers.JsonAuditEventHandlerFactory", + "lockAction": "LOCK", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, }, - "jsonBuffering": { - "bufferingMaxSize": "100000", - "bufferingWriteInterval": "5", + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, }, - "jsonConfig": { - "elasticsearchCompatible": false, - "location": "%BASE_DIR%/var/audit/", - "rotationRetentionCheckInterval": "5", + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, }, - "jsonFileRetention": { - "retentionMaxDiskSpaceToUse": "-1", - "retentionMaxNumberOfHistoryFiles": "1", - "retentionMinFreeSpaceRequired": "-1", + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, }, - "jsonFileRotation": { - "rotationEnabled": true, - "rotationFileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "rotationInterval": "-1", - "rotationMaxFileSize": "100000000", - "rotationTimes": [], + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + "x": 0, + "y": 0, }, }, - ], - "whitelistFieldFilters": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/authenticatorOathService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "authenticatorOathService": { - "_id": "", - "_type": { - "_id": "authenticatorOathService", - "collection": false, - "name": "ForgeRock Authenticator (OATH) Service", - }, - "defaults": { - "authenticatorOATHDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", - "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", - "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", - "authenticatorOATHSkippableName": "oath2faEnabled", - "oathAttrName": "oathDeviceProfiles", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/authenticatorPushService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "authenticatorPushService": { - "_id": "", - "_type": { - "_id": "authenticatorPushService", - "collection": false, - "name": "ForgeRock Authenticator (Push) Service", - }, - "defaults": { - "authenticatorPushDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", - "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", - "authenticatorPushSkippableName": "push2faEnabled", - "pushAttrName": "pushDeviceProfiles", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/authenticatorWebAuthnService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "authenticatorWebAuthnService": { - "_id": "", - "_type": { - "_id": "authenticatorWebAuthnService", - "collection": false, - "name": "WebAuthn Profile Encryption Service", - }, - "defaults": { - "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jceks", - "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", - "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", - "webauthnAttrName": "webauthnDeviceProfiles", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/baseurl.service.json 1`] = ` -{ - "meta": Any, - "service": { - "baseurl": { - "_id": "", - "_type": { - "_id": "baseurl", - "collection": false, - "name": "Base URL Source", - }, - "defaults": { - "contextPath": "/am", - "source": "REQUEST_VALUES", + "uiConfig": {}, }, - "location": "global", - "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/dashboard.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/oath_registration.journey.json 1`] = ` { "meta": Any, - "service": { - "dashboard": { - "_id": "", - "_type": { - "_id": "dashboard", - "collection": false, - "name": "Dashboard", - }, - "defaults": { - "assignedDashboard": [], + "trees": { + "oath_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c": { + "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f": { + "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, }, - "location": "global", - "nextDescendents": [ - { - "_id": "Google", + "nodes": { + "35ca2418-908d-4b92-9320-ef8576851abb": { + "_id": "35ca2418-908d-4b92-9320-ef8576851abb", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], "_type": { - "_id": "instances", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "instance", + "name": "Data Store Decision", }, - "className": "SAML2ApplicationClass", - "displayName": "Google", - "icfIdentifier": "idm magic 34", - "icon": "images/logos/googleplus.png", - "login": "http://www.google.com", - "name": "Google", }, - { - "_id": "SalesForce", + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "_id": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + ], "_type": { - "_id": "instances", + "_id": "OathRegistrationNode", "collection": true, - "name": "instance", + "name": "OATH Registration", }, - "className": "SAML2ApplicationClass", - "displayName": "SalesForce", - "icfIdentifier": "idm magic 12", - "icon": "images/logos/salesforce.png", - "login": "http://www.salesforce.com", - "name": "SalesForce", + "accountName": "USERNAME", + "addChecksum": false, + "algorithm": "TOTP", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "minSharedSecretLength": 32, + "passwordLength": "SIX_DIGITS", + "postponeDeviceProfileStorage": false, + "scanQRCodeMessage": {}, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "truncationOffset": -1, }, - { - "_id": "ZenDesk", + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "_id": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Not registered", + "id": "notRegisteredOutcome", + }, + ], "_type": { - "_id": "instances", + "_id": "OathTokenVerifierNode", "collection": true, - "name": "instance", + "name": "OATH Token Verifier", }, - "className": "SAML2ApplicationClass", - "displayName": "ZenDesk", - "icfIdentifier": "idm magic 56", - "icon": "images/logos/zendesk.png", - "login": "http://www.ZenDesk.com", - "name": "ZenDesk", + "algorithm": "TOTP", + "hotpWindowSize": 100, + "isRecoveryCodeAllowed": false, + "maximumAllowedClockDrift": 5, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "totpTimeSteps": 2, + }, + "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "_id": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, }, - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/deviceBindingService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "deviceBindingService": { - "_id": "", - "_type": { - "_id": "deviceBindingService", - "collection": false, - "name": "Device Binding Service", - }, - "defaults": { - "deviceBindingAttrName": "boundDevices", - "deviceBindingSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceBindingSettingsEncryptionKeystorePassword": null, - "deviceBindingSettingsEncryptionKeystoreType": "JKS", - "deviceBindingSettingsEncryptionScheme": "NONE", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/deviceIdService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "deviceIdService": { - "_id": "", - "_type": { - "_id": "deviceIdService", - "collection": false, - "name": "Device ID Service", - }, - "defaults": { - "deviceIdAttrName": "devicePrintProfiles", - "deviceIdSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceIdSettingsEncryptionKeystorePassword": null, - "deviceIdSettingsEncryptionKeystoreType": "JKS", - "deviceIdSettingsEncryptionScheme": "NONE", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/deviceProfilesService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "deviceProfilesService": { - "_id": "", - "_type": { - "_id": "deviceProfilesService", - "collection": false, - "name": "Device Profiles Service", - }, - "defaults": { - "deviceProfilesAttrName": "deviceProfiles", - "deviceProfilesSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceProfilesSettingsEncryptionKeystorePassword": null, - "deviceProfilesSettingsEncryptionKeystoreType": "JKS", - "deviceProfilesSettingsEncryptionScheme": "NONE", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/email.service.json 1`] = ` -{ - "meta": Any, - "service": { - "email": { - "_id": "", - "_type": { - "_id": "email", - "collection": false, - "name": "Email Service", - }, - "defaults": { - "emailAddressAttribute": "mail", - "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", - "emailRateLimitSeconds": 1, - "port": 465, - "sslState": "SSL", - }, - "location": "global", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/federationcommon.service.json 1`] = ` -{ - "meta": Any, - "service": { - "federation/common": { - "_id": "", - "_type": { - "_id": "federation/common", - "collection": false, - "name": "Common Federation Configuration", - }, - "algorithms": { - "DigestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256", - "QuerySignatureAlgorithmDSA": "http://www.w3.org/2009/xmldsig11#dsa-sha256", - "QuerySignatureAlgorithmEC": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", - "QuerySignatureAlgorithmRSA": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - "aesKeyWrapAlgorithm": "http://www.w3.org/2001/04/xmlenc#kw-aes256", - "canonicalizationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", - "maskGenerationFunction": "http://www.w3.org/2009/xmlenc11#mgf1sha256", - "rsaKeyTransportAlgorithm": "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", - "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", - "transformationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", - }, - "generalConfig": { - "certificateChecking": "on", - "maxContentLength": 20480, - "samlErrorPageHttpBinding": "HTTP-POST", - "samlErrorPageUrl": "/saml2/jsp/saml2error.jsp", - }, - "implementationClasses": { - "configurationClass": "com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl", - "datastoreClass": "com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider", - "keyProviderClass": "com.sun.identity.saml.xmlsig.JKSKeyProvider", - "loggerClass": "com.sun.identity.plugin.log.impl.LogProvider", - "passwordDecoderClass": "com.sun.identity.saml.xmlsig.FMPasswordDecoder", - "rootUrlProviderClass": "org.forgerock.openam.federation.plugin.rooturl.impl.FmRootUrlProvider", - "sessionProviderClass": "com.sun.identity.plugin.session.impl.FMSessionProvider", - "signatureProviderClass": "com.sun.identity.saml.xmlsig.AMSignatureProvider", - }, - "location": "global", - "montoring": { - "monitoringAgentClass": "com.sun.identity.plugin.monitoring.impl.AgentProvider", - "monitoringSaml2Class": "com.sun.identity.plugin.monitoring.impl.FedMonSAML2SvcProvider", - }, - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/federationmulti.service.json 1`] = ` -{ - "meta": Any, - "service": { - "federation/multi": { - "_id": "", - "_type": { - "_id": "federation/multi", - "collection": false, - "name": "Multi-Federation Protocol", - }, - "location": "global", - "nextDescendents": [], - "singleLogoutHandlerList": [ - "key=WSFED|class=com.sun.identity.multiprotocol.WSFederationSingleLogoutHandler", - "key=SAML2|class=com.sun.identity.multiprotocol.SAML2SingleLogoutHandler", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/federationsaml2soapbinding.service.json 1`] = ` -{ - "meta": Any, - "service": { - "federation/saml2soapbinding": { - "_id": "", - "_type": { - "_id": "federation/saml2soapbinding", - "collection": false, - "name": "SAML v2.0 SOAP Binding", - }, - "location": "global", - "nextDescendents": [], - "requestHandlers": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/globalization.service.json 1`] = ` -{ - "meta": Any, - "service": { - "globalization": { - "_id": "", - "_type": { - "_id": "globalization", - "collection": false, - "name": "Globalization Settings", }, - "charsetMappings": [ - "locale=zh|charset=UTF-8;GB2312", - "locale=ar|charset=UTF-8;ISO-8859-6", - "locale=es|charset=UTF-8;ISO-8859-15", - "locale=de|charset=UTF-8;ISO-8859-15", - "locale=zh_TW|charset=UTF-8;BIG5", - "locale=fr|charset=UTF-8;ISO-8859-15", - "locale=ko|charset=UTF-8;EUC-KR", - "locale=en|charset=UTF-8;ISO-8859-1", - "locale=th|charset=UTF-8;TIS-620", - "locale=ja|charset=UTF-8;Shift_JIS;EUC-JP", - ], - "defaults": { - "commonNameFormats": [ - "zh={sn}{givenname}", - ], + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "oath_registration", + "enabled": true, + "entryNodeId": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "innerTreeOnly": false, + "nodes": { + "35ca2418-908d-4b92-9320-ef8576851abb": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 416, + "y": 161, + }, + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + }, + "displayName": "OATH Registration", + "nodeType": "OathRegistrationNode", + "x": 717, + "y": 290, + }, + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "notRegisteredOutcome": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "successOutcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OATH Token Verifier", + "nodeType": "OathTokenVerifierNode", + "x": 689, + "y": 102, + }, + "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "connections": { + "outcome": "35ca2418-908d-4b92-9320-ef8576851abb", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 202, + "y": 139, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1103, + "y": 47, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1100, + "y": 240, + }, + "startNode": { + "x": 50, + "y": 25, + }, + }, + "uiConfig": {}, }, - "location": "global", - "nextDescendents": [], - "sun-identity-g11n-settings-charset-alias-mapping": [ - "mimeName=EUC-KR|javaName=EUC_KR", - "mimeName=EUC-JP|javaName=EUC_JP", - "mimeName=Shift_JIS|javaName=SJIS", - ], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/id-repositories.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/push_registration.journey.json 1`] = ` { "meta": Any, - "service": { - "id-repositories": { - "_id": "", - "_type": { - "_id": "id-repositories", - "collection": false, - "name": "sunIdentityRepositoryService", - }, - "defaults": { - "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", - "sunIdRepoAttributeValidator": [ - "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", - "minimumPasswordLength=8", - "usernameInvalidChars=*|(|)|&|!", - ], + "trees": { + "push_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9": { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "7ab18633-6eb0-455d-97ff-40ff7db4862a": { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, }, - "location": "global", - "nextDescendents": [ - { - "_id": "agent", + "nodes": { + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "_id": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { + "_id": "0e161d10-c2d1-4196-8b41-59f80be4a587", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "SupportedIdentities", + "name": "Data Store Decision", }, }, - { - "_id": "agentgroup", + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "_id": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + "_outcomes": [ + { + "displayName": "Sent", + "id": "SENT", + }, + { + "displayName": "Not Registered", + "id": "NOT_REGISTERED", + }, + { + "displayName": "Skipped", + "id": "SKIPPED", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "PushAuthenticationSenderNode", "collection": true, - "name": "SupportedIdentities", + "name": "Push Sender", }, + "captureFailure": false, + "contextInfo": false, + "customPayload": [], + "mandatory": false, + "messageTimeout": 120000, + "pushType": "DEFAULT", + "userMessage": {}, }, - { - "_id": "agentonly", + "527e6b31-01db-409c-8f52-01a5b7f48737": { + "_id": "527e6b31-01db-409c-8f52-01a5b7f48737", + "_outcomes": [ + { + "displayName": "Success", + "id": "TRUE", + }, + { + "displayName": "Failure", + "id": "FALSE", + }, + { + "displayName": "Expired", + "id": "EXPIRED", + }, + { + "displayName": "Waiting", + "id": "WAITING", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "PushResultVerifierNode", "collection": true, - "name": "SupportedIdentities", + "name": "Push Result Verifier Node", }, }, - { - "_id": "filteredrole", + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "_id": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Time Out", + "id": "timeoutOutcome", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "PushRegistrationNode", "collection": true, - "name": "SupportedIdentities", + "name": "Push Registration", }, + "accountName": "USERNAME", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "scanQRCodeMessage": {}, + "timeout": 60, }, - { - "_id": "group", + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "_id": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "_outcomes": [ + { + "displayName": "Done", + "id": "DONE", + }, + { + "displayName": "Exit", + "id": "EXITED", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "PushWaitNode", "collection": true, - "name": "SupportedIdentities", + "name": "Push Wait Node", }, + "challengeMessage": {}, + "exitMessage": {}, + "secondsToWait": 5, + "waitingMessage": {}, }, - { - "_id": "realm", + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "push_registration", + "enabled": true, + "entryNodeId": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "innerTreeOnly": false, + "nodes": { + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "connections": {}, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 180, + "y": 133, + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { + "connections": { + "true": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 406, + "y": 126, + }, + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "connections": { + "NOT_REGISTERED": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "SENT": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "SKIPPED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Push Sender", + "nodeType": "PushAuthenticationSenderNode", + "x": 647, + "y": 79, + }, + "527e6b31-01db-409c-8f52-01a5b7f48737": { + "connections": { + "EXPIRED": "e301438c-0bd0-429c-ab0c-66126501069a", + "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", + "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "WAITING": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Push Result Verifier Node", + "nodeType": "PushResultVerifierNode", + "x": 1016, + "y": 122, + }, + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + "timeoutOutcome": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + }, + "displayName": "Push Registration", + "nodeType": "PushRegistrationNode", + "x": 639, + "y": 299, + }, + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "connections": { + "DONE": "527e6b31-01db-409c-8f52-01a5b7f48737", + "EXITED": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + }, + "displayName": "Push Wait Node", + "nodeType": "PushWaitNode", + "x": 823, + "y": 126, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1245, + "y": 35, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1292, + "y": 172, + }, + "startNode": { + "x": 57, + "y": 22, + }, + }, + "uiConfig": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/six.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "six": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + "_id": "295a70ba-2b67-4a48-bf13-237ce0a55450", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "SupportedIdentities", + "name": "Platform Username", }, + "usernameAttribute": "userName", + "validateInput": false, }, - { - "_id": "role", + "4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "_id": "4a77788d-d443-4646-ac52-5cb9f2207a8a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "SupportedIdentities", + "name": "Platform Username", }, + "usernameAttribute": "userName", + "validateInput": false, }, - { - "_id": "user", + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "_id": "5883ff1e-80dd-49f5-a609-120303e1b0cd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "SupportedIdentities", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "SupportedIdentities", + "name": "Platform Username", }, + "usernameAttribute": "userName", + "validateInput": false, }, - { - "_id": "amAdmin", + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "_id": "59129227-f192-4ff4-a7b4-bc7690b82d4f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "user", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "User", + "name": "Platform Username", }, - "cn": "amAdmin", - "dn": "uid=amAdmin,ou=people,", - "givenName": "amAdmin", - "inetUserStatus": "Active", - "iplanet-am-user-auth-config": "[Empty]", - "roles": [], - "sn": "amAdmin", - "userPassword": null, + "usernameAttribute": "userName", + "validateInput": false, }, - { - "_id": "anonymous", + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "_id": "6a1aa88f-25f8-4d40-8008-bfc6684b2a58", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "user", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "User", + "name": "Platform Username", }, - "cn": "anonymous", - "dn": "uid=anonymous,ou=people,", - "givenName": "anonymous", - "inetUserStatus": "Inactive", - "iplanet-am-user-auth-config": "[Empty]", - "roles": [], - "sn": "anonymous", - "userPassword": null, + "usernameAttribute": "userName", + "validateInput": false, }, - { - "_id": "dsameuser", + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "_id": "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "user", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "User", + "name": "Platform Username", }, - "dn": "cn=dsameuser,ou=DSAME Users,", - "inetUserStatus": "Active", - "iplanet-am-user-auth-config": "[Empty]", - "roles": [], - "userPassword": null, + "usernameAttribute": "userName", + "validateInput": false, }, - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/idm-integration.service.json 1`] = ` -{ - "meta": Any, - "service": { - "idm-integration": { - "_id": "", - "_type": { - "_id": "idm-integration", - "collection": false, - "name": "IDM Provisioning", - }, - "configurationCacheDuration": 0, - "enabled": false, - "idmProvisioningClient": "idm-provisioning", - "jwtSigningCompatibilityMode": false, - "location": "global", - "nextDescendents": [], - "provisioningClientScopes": [ - "fr:idm:*", - ], - "useInternalOAuth2Provider": false, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/iot.service.json 1`] = ` -{ - "meta": Any, - "service": { - "iot": { - "_id": "", - "_type": { - "_id": "iot", - "collection": false, - "name": "IoT Service", }, - "defaults": { - "attributeAllowlist": [ - "thingConfig", - ], - "createOAuthClient": false, - "createOAuthJwtIssuer": false, - "oauthClientName": "forgerock-iot-oauth2-client", - "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "six", + "enabled": true, + "entryNodeId": "e301438c-0bd0-429c-ab0c-66126501069a", + "innerTreeOnly": false, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 488, + "y": 57.890625, + }, + "4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 494, + "y": 458.890625, + }, + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 446, + "y": 298.890625, + }, + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 482, + "y": 220.890625, + }, + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 461, + "y": 369.890625, + }, + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 499, + "y": 139.890625, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 50, + "y": 117, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 152, + "y": 25, + }, + "startNode": { + "x": 50, + "y": 25, + }, + }, + "uiConfig": {}, }, - "location": "global", - "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/logging.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/test.journey.json 1`] = ` { "meta": Any, - "service": { - "logging": { - "_id": "", - "_type": { - "_id": "logging", - "collection": false, - "name": "Logging", - }, - "database": { - "databaseFailureMemoryBufferSize": 2, - "driver": "oracle.jdbc.driver.OracleDriver", - "maxRecords": 500, - "user": "dbuser", - }, - "file": { - "location": "%BASE_DIR%/var/audit/", - "maxFileSize": 100000000, - "numberHistoryFiles": 1, - "rotationEnabled": true, - "rotationInterval": -1, - "suffix": "-MM.dd.yy-kk.mm", - }, - "general": { - "bufferSize": 25, - "bufferTime": 60, - "buffering": "ON", - "certificateStore": "%BASE_DIR%/var/audit/Logger.jks", - "fields": [ - "IPAddr", - "LoggedBy", - "LoginID", - "NameID", - "ModuleName", - "ContextID", - "Domain", - "LogLevel", - "HostName", - "MessageID", - ], - "filesPerKeystore": 5, - "jdkLoggingLevel": "INFO", - "security": "OFF", - "signaturePeriod": 900, - "signingAlgorithm": "SHA1withRSA", - "status": "INACTIVE", - "type": "File", - "verifyPeriod": 3600, - }, - "location": "global", - "nextDescendents": [], - "resolveHostName": false, - "syslog": { - "facility": "local5", - "host": "localhost", - "port": 514, - "protocol": "UDP", - "timeout": 30, + "trees": { + "test": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": {}, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "test", + "enabled": true, + "entryNodeId": "d26176be-ea6f-4f2a-81cd-3d41dd6cee4d", + "innerTreeOnly": false, + "nodes": {}, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 50, + "y": 117, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 152, + "y": 25, + }, + "startNode": { + "x": 50, + "y": 25, + }, + }, + "uiConfig": {}, }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/monitoring.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/webauthn_registration.journey.json 1`] = ` { "meta": Any, - "service": { - "monitoring": { - "_id": "", - "_type": { - "_id": "monitoring", - "collection": false, - "name": "Monitoring", - }, - "authfilePath": "%BASE_DIR%/security/openam_mon_auth", - "enabled": true, - "httpEnabled": false, - "httpPort": 8082, - "location": "global", - "nextDescendents": [ - { - "_id": "crest", + "trees": { + "webauthn_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "08faa9c0-7c19-454a-a4e1-0692d94615f6": { + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "crest", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "CREST Reporter", + "name": "Platform Username", }, - "enabled": false, + "usernameAttribute": "userName", + "validateInput": false, }, - { - "_id": "prometheus", + "3334a349-b2ea-42e0-86b8-9f6c39d43dad": { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], "_type": { - "_id": "prometheus", + "_id": "ValidatedPasswordNode", "collection": true, - "name": "Prometheus Reporter", + "name": "Platform Password", }, - "authenticationType": "BASIC", - "enabled": false, - "password": null, - "username": "prometheus", + "passwordAttribute": "password", + "validateInput": false, }, - ], - "policyHistoryWindowSize": 10000, - "rmiEnabled": false, - "rmiPort": 9999, - "sessionHistoryWindowSize": 10000, - "snmpEnabled": false, - "snmpPort": 8085, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/naming.service.json 1`] = ` -{ - "meta": Any, - "service": { - "naming": { - "_id": "", - "_type": { - "_id": "naming", - "collection": false, - "name": "Naming", - }, - "endpointConfig": { - "jaxwsUrl": "%protocol://%host:%port%uri/identityservices/", - "stsMexUrl": "%protocol://%host:%port%uri/sts/mex", - "stsUrl": "%protocol://%host:%port%uri/sts", }, - "federationConfig": { - "jaxrpcUrl": "%protocol://%host:%port%uri/jaxrpc/", - "samlAssertionManagerUrl": "%protocol://%host:%port%uri/AssertionManagerServlet/AssertionManagerIF", - "samlAwareServletUrl": "%protocol://%host:%port%uri/SAMLAwareServlet", - "samlPostServletUrl": "%protocol://%host:%port%uri/SAMLPOSTProfileServlet", - "samlSoapReceiverUrl": "%protocol://%host:%port%uri/SAMLSOAPReceiver", + "nodes": { + "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "_id": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "_outcomes": [ + { + "displayName": "Unsupported", + "id": "unsupported", + }, + { + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", + }, + ], + "_type": { + "_id": "WebAuthnRegistrationNode", + "collection": true, + "name": "WebAuthn Registration Node", + }, + "acceptedSigningAlgorithms": [ + "ES256", + "RS256", + ], + "asScript": true, + "attestationPreference": "NONE", + "authenticatorAttachment": "UNSPECIFIED", + "enforceRevocationCheck": false, + "excludeCredentials": false, + "generateRecoveryCodes": true, + "maxSavedDevices": 0, + "origins": [], + "postponeDeviceProfileStorage": false, + "relyingPartyName": "ForgeRock", + "requiresResidentKey": false, + "storeAttestationDataInTransientState": false, + "timeout": 60, + "trustStoreAlias": "trustalias", + "userVerificationRequirement": "PREFERRED", + }, + "807106ff-fb66-469e-93bb-4e0834f6c875": { + "_id": "807106ff-fb66-469e-93bb-4e0834f6c875", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + "878eb28e-41b2-4bd7-9256-80ed427bd168": { + "_id": "878eb28e-41b2-4bd7-9256-80ed427bd168", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "_id": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "_outcomes": [ + { + "displayName": "Unsupported", + "id": "unsupported", + }, + { + "displayName": "No Device Registered", + "id": "noDevice", + }, + { + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", + }, + ], + "_type": { + "_id": "WebAuthnAuthenticationNode", + "collection": true, + "name": "WebAuthn Authentication Node", + }, + "asScript": true, + "isRecoveryCodeAllowed": false, + "origins": [], + "requiresResidentKey": false, + "timeout": 60, + "userVerificationRequirement": "PREFERRED", + }, }, - "generalConfig": { - "authUrl": "%protocol://%host:%port%uri/authservice", - "loggingUrl": "%protocol://%host:%port%uri/loggingservice", - "policyUrl": "%protocol://%host:%port%uri/policyservice", - "profileUrl": "%protocol://%host:%port%uri/profileservice", - "sessionUrl": "%protocol://%host:%port%uri/sessionservice", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "webauthn_registration", + "enabled": true, + "entryNodeId": "807106ff-fb66-469e-93bb-4e0834f6c875", + "innerTreeOnly": false, + "nodes": { + "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "connections": { + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "success": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "WebAuthn Registration Node", + "nodeType": "WebAuthnRegistrationNode", + "x": 629, + "y": 266, + }, + "807106ff-fb66-469e-93bb-4e0834f6c875": { + "connections": { + "outcome": "878eb28e-41b2-4bd7-9256-80ed427bd168", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 192, + "y": 156, + }, + "878eb28e-41b2-4bd7-9256-80ed427bd168": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 396, + "y": 157, + }, + "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "connections": { + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "noDevice": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "success": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "WebAuthn Authentication Node", + "nodeType": "WebAuthnAuthenticationNode", + "x": 608, + "y": 24, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1200, + "y": 34, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1206, + "y": 135, + }, + "startNode": { + "x": 76, + "y": 98, + }, + }, + "uiConfig": {}, }, - "location": "global", - "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/oauth-oidc.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/oauth2.app/test-client.oauth2.app.json 1`] = ` { - "meta": Any, - "service": { - "oauth-oidc": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "allowUnauthorisedAccessToUserCodeForm": false, - "blacklistCacheSize": 10000, - "blacklistPollInterval": 60, - "blacklistPurgeDelay": 1, - "defaults": { + "application": { + "test client": { + "_id": "test client", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, "advancedOAuth2Config": { "allowClientCredentialsInTokenRequestQueryParameters": false, "allowedAudienceValues": [], @@ -378979,6 +392447,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "moduleMessageEnabledInPasswordGrant": false, "nbfClaimRequiredInRequestObject": false, "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", "persistentClaims": [], "refreshTokenGracePeriod": 0, "requestObjectProcessing": "OIDC", @@ -379337,2258 +392806,2615 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", }, }, - "jwtTokenLifetimeValidationEnabled": true, - "jwtTokenRequiredClaims": [], - "jwtTokenUnreasonableLifetime": 86400, - "location": "global", - "nextDescendents": [], - "statelessGrantTokenUpgradeCompatibilityMode": false, - "storageScheme": "CTS_ONE_TO_ONE_MODEL", + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "secretLabelIdentifier": null, + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policy/Test-Policy.policy.json 1`] = ` +{ + "meta": Any, + "policy": { + "Test Policy": { + "_id": "Test Policy", + "actionValues": {}, + "active": true, + "applicationName": "iPlanetAMWebAgentService", + "createdBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": "2024-06-27T17:07:04.220Z", + "description": "", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": "2024-10-09T21:36:26.771Z", + "name": "Test Policy", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/*?*", + ], + "subject": { + "subjects": [ + { + "type": "NONE", + }, + { + "subjectValues": [ + "id=phales,ou=user,dc=openam,dc=forgerock,dc=org", + ], + "type": "Identity", + }, + ], + "type": "AND", + }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/pingOneWorkerService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/iPlanetAMWebAgentService.policyset.json 1`] = ` { "meta": Any, - "service": { - "pingOneWorkerService": { - "_id": "", - "_type": { - "_id": "pingOneWorkerService", - "collection": false, - "name": "PingOne Worker Service", - }, - "defaults": { - "enabled": true, - }, - "location": "global", - "nextDescendents": [], + "policyset": { + "iPlanetAMWebAgentService": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1718897366825, + "description": "The built-in Application used by OpenAM Policy Agents.", + "displayName": "Default Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786744, + "name": "iPlanetAMWebAgentService", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/platform.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/oauth2Scopes.policyset.json 1`] = ` { "meta": Any, - "service": { - "platform": { - "_id": "", - "_type": { - "_id": "platform", - "collection": false, - "name": "Platform", - }, - "cookieDomains": [], - "locale": "en_US", - "location": "global", - "nextDescendents": [], + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1718897366918, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786761, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/policyconfiguration.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` { "meta": Any, - "service": { - "policyconfiguration": { - "_id": "", - "_type": { - "_id": "policyconfiguration", - "collection": false, - "name": "Policy Configuration", - }, - "continueEvaluationOnDeny": false, - "defaults": { - "bindDn": "cn=Directory Manager", - "checkIfResourceTypeExists": true, - "connectionPoolMaximumSize": 10, - "connectionPoolMinimumSize": 1, - "ldapServer": [ - "localhost:50636", - ], - "maximumSearchResults": 100, - "mtlsEnabled": false, - "policyHeartbeatInterval": 10, - "policyHeartbeatTimeUnit": "SECONDS", - "realmSearchFilter": "(objectclass=sunismanagedorganization)", - "searchTimeout": 5, - "sslEnabled": true, - "subjectsResultTTL": 10, - "userAliasEnabled": false, - "usersBaseDn": "dc=openam,dc=forgerock,dc=org", - "usersSearchAttribute": "uid", - "usersSearchFilter": "(objectclass=inetorgperson)", - "usersSearchScope": "SCOPE_SUB", + "resourcetype": { + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, }, - "location": "global", - "nextDescendents": [], - "realmAliasReferrals": false, - "resourceComparators": [ - "serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|oneLevelWildcard=-*-|delimiter=/|caseSensitive=false", + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1517161800564, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2 policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786611, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/pushNotification.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/URL.resourcetype.json 1`] = ` { "meta": Any, - "service": { - "pushNotification": { - "_id": "", - "_type": { - "_id": "pushNotification", - "collection": false, - "name": "Push Notification Service", - }, - "defaults": { - "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", - "mdCacheSize": 10000, - "mdConcurrency": 16, - "mdDuration": 120, - "region": "us-east-1", + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, }, - "location": "global", - "nextDescendents": [], + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1422892465848, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786629, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/rest.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/saml/Test-Entity.saml.json 1`] = ` { "meta": Any, - "service": { - "rest": { - "_id": "", - "_type": { - "_id": "rest", - "collection": false, - "name": "REST APIs", + "saml": { + "cot": {}, + "hosted": { + "VGVzdCBFbnRpdHk": { + "_id": "VGVzdCBFbnRpdHk", + "entityId": "Test Entity", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "http://localhost:8080/am/idpsaehandler/metaAlias/test", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/AIDReqSoap/IDPRole/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "http://localhost:8080/am/AIDReqUri/IDPRole/metaAlias/test", + }, + ], + "metaAlias": "/test", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/NIMSoap/metaAlias/test", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/ArtifactResolver/metaAlias/test", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPMniSoap/metaAlias/test", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPSloSoap/metaAlias/test", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SSORedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SSOPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SSOSoap/metaAlias/test", + }, + ], + }, + }, + }, + "serviceProvider": { + "advanced": { + "ecpConfiguration": { + "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", + }, + "idpProxy": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "spUrl": "http://localhost:8080/am/spsaehandler/metaAlias/test2", + }, + }, + "assertionContent": { + "assertionTimeSkew": 300, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "defaultItem": true, + "level": 0, + }, + ], + "authenticationComparisonType": "Exact", + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", + "includeRequestedAuthenticationContext": true, + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapping": { + "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", + }, + "adapter": { + "spAdapterScript": "[Empty]", + }, + "attributeMapper": { + "attributeMap": [ + { + "key": "*", + "value": "*", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", + }, + "autoFederation": {}, + "responseArtifactMessageEncoding": { + "encoding": "URI", + }, + "url": {}, + }, + "services": { + "metaAlias": "/test2", + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "index": 0, + "isDefault": true, + "location": "http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 1, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/ECP/metaAlias/test2", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPSloSoap/metaAlias/test2", + }, + ], + }, + }, + }, }, - "csrfFilterEnabled": true, - "defaultProtocolVersion": "Latest", - "defaultVersion": "Latest", - "descriptionsState": "STATIC", - "location": "global", - "nextDescendents": [], - "warningHeader": true, + }, + "metadata": { + "VGVzdCBFbnRpdHk": [ + "", + "", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + }, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.js 1`] = ` +"/* + * Copyright 2014-2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ +import com.iplanet.sso.SSOException +import com.sun.identity.idm.IdRepoException +import org.forgerock.oauth2.core.exceptions.InvalidRequestException +import org.forgerock.oauth2.core.UserInfoClaims +import org.forgerock.openidconnect.Claim + +/* +* Defined variables: +* logger - always presents, the "OAuth2Provider" debug logger instance +* claims - always present, default server provided claims - Map +* claimObjects - always present, default server provided claims - List +* session - present if the request contains the session cookie, the user's session object +* identity - always present, the identity of the resource owner +* scopes - always present, the requested scopes +* scriptName - always present, the display name of the script +* requestProperties - always present, contains a map of request properties: +* requestUri - the request URI +* realm - the realm that the request relates to +* requestParams - a map of the request params and/or posted data. Each value is a list of one or +* more properties. Please note that these should be handled in accordance with OWASP best practices. +* clientProperties - present if the client specified in the request was identified, contains a map of client +* properties: +* clientId - the client's Uri for the request locale +* allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) +* for the client +* allowedResponseTypes - list of the allowed response types for the client +* allowedScopes - list of the allowed scopes for the client +* customProperties - A map of the custom properties of the client. +* Lists or maps will be included as sub-maps, e.g: +* testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 +* requestedClaims - Map> +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, map of requested claims to possible values, otherwise empty, +* requested claims with no requested values will have a key but no value in the map. A key with +* a single value in its Set indicates this is the only value that should be returned. +* requestedTypedClaims - List +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, list of requested claims with claim name, requested possible values +* and if claim is essential, otherwise empty, +* requested claims with no requested values will have a claim with no values. A claims with +* a single value indicates this is the only value that should be returned. +* claimsLocales - the values from the 'claims_locales' parameter - List +* Required to return a Map of claims to be added to the id_token claims +* +* Expected return value structure: +* UserInfoClaims { +* Map values; // The values of the claims for the user information +* Map> compositeScopes; // Mapping of scope name to a list of claim names. +* } +*/ + +// user session not guaranteed to be present +boolean sessionPresent = session != null + +/* + * Pulls first value from users profile attribute + * + * @param claim The claim object. + * @param attr The profile attribute name. + */ +def fromSet = { claim, attr -> + if (attr != null && attr.size() == 1){ + attr.iterator().next() + } else if (attr != null && attr.size() > 1){ + attr + } else if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim"); + } +} + +// ---vvvvvvvvvv--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---vvvvvvvvvv--- +/* + * Claim resolver which resolves the value of the claim from its requested values. + * + * This resolver will return a value if the claim has one requested values, otherwise an exception is thrown. + */ +defaultClaimResolver = { claim -> + if (claim.getValues().size() == 1) { + [(claim.getName()): claim.getValues().iterator().next()] + } else { + [:] + } +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If no match is found an exception is thrown. + */ +userProfileClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim of the user's address. + * + * This resolver will return a value for the claim if: + * # the value of the address is not null + * + */ +userAddressClaimResolver = { claim, identity -> + if (identity != null) { + addressFormattedValue = fromSet(claim.getName(), identity.getAttribute("postaladdress")) + if (addressFormattedValue != null) { + return [ + "formatted" : addressFormattedValue + ] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If the claim is essential and no value is found an InvalidRequestException will be thrown and returned to the user. + * If no match is found an exception is thrown. + */ +essentialClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (claim.isEssential() && (userProfileValue == null || userProfileValue.isEmpty())) { + throw new InvalidRequestException("Could not provide value for essential claim $claim") + } + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the list of requested languages from the 'claims_locales' authorize request + * parameter and attempt to match it to a value from the users' profile attribute. + * If no match is found an exception is thrown. + */ +claimLocalesClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + locale = claimsLocales.find { locale -> localeValues.containsKey(locale) } + if (locale != null) { + return [(claim.getName()): localeValues.get(locale)] + } + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the language tag specified in the claim object and attempt to match it to a value + * from the users' profile attribute. If no match is found an exception is thrown. + */ +languageTagClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + if (claim.getLocale() != null) { + if (localeValues.containsKey(claim.getLocale())) { + return [(claim.getName()): localeValues.get(claim.getLocale())] + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName() + "#" + entry.getKey()): entry.getValue()] + } + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName()): entry.getValue()] + } + } + } + return [:] +} + +/* + * Given a string "en|English,jp|Japenese,fr_CA|French Canadian" will return map of locale -> value. + */ +parseLocaleAwareString = { s -> + return result = s.split(",").collectEntries { entry -> + split = entry.split("\\\\|") + [(split[0]): value = split[1]] + } +} +// ---^^^^^^^^^^--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---^^^^^^^^^^--- + +// -------------- UPDATE THIS TO CHANGE CLAIM TO ATTRIBUTE MAPPING FUNCTIONS --------------- +/* + * List of claim resolver mappings. + */ +// [ {claim}: {attribute retriever}, ... ] +claimAttributes = [ + "email": userProfileClaimResolver.curry("mail"), + "address": { claim, identity -> [ "address" : userAddressClaimResolver(claim, identity) ] }, + "phone_number": userProfileClaimResolver.curry("telephonenumber"), + "given_name": userProfileClaimResolver.curry("givenname"), + "zoneinfo": userProfileClaimResolver.curry("preferredtimezone"), + "family_name": userProfileClaimResolver.curry("sn"), + "locale": userProfileClaimResolver.curry("preferredlocale"), + "name": userProfileClaimResolver.curry("cn") +] + + +// -------------- UPDATE THIS TO CHANGE SCOPE TO CLAIM MAPPINGS -------------- +/* + * Map of scopes to claim objects. + */ +// {scope}: [ {claim}, ... ] +scopeClaimsMap = [ + "email": [ "email" ], + "address": [ "address" ], + "phone": [ "phone_number" ], + "profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ] +] + + +// ---------------- UPDATE BELOW FOR ADVANCED USAGES ------------------- +if (logger.messageEnabled()) { + scopes.findAll { s -> !("openid".equals(s) || scopeClaimsMap.containsKey(s)) }.each { s -> + logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s") + } +} + +/* + * Computes the claims return key and value. The key may be a different value if the claim value is not in + * the requested language. + */ +def computeClaim = { claim -> + try { + claimResolver = claimAttributes.get(claim.getName(), { claimObj, identity -> defaultClaimResolver(claim)}) + claimResolver(claim, identity) + } catch (IdRepoException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } catch (SSOException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } +} + +/* + * Converts requested scopes into claim objects based on the scope mappings in scopeClaimsMap. + */ +def convertScopeToClaims = { + scopes.findAll { scope -> "openid" != scope && scopeClaimsMap.containsKey(scope) }.collectMany { scope -> + scopeClaimsMap.get(scope).collect { claim -> + new Claim(claim) + } + } +} + +// Creates a full list of claims to resolve from requested scopes, claims provided by AS and requested claims +def claimsToResolve = convertScopeToClaims() + claimObjects + requestedTypedClaims + +// Computes the claim return key and values for all requested claims +computedClaims = claimsToResolve.collectEntries() { claim -> + result = computeClaim(claim) +} + +// Computes composite scopes +def compositeScopes = scopeClaimsMap.findAll { scope -> + scopes.contains(scope.key) +} + +return new UserInfoClaims((Map)computedClaims, (Map)compositeScopes) +" +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.json 1`] = ` +{ + "meta": Any, + "script": { + "1817cc25-fc84-4053-8f91-4ef130616e25": { + "_id": "1817cc25-fc84-4053-8f91-4ef130616e25", + "context": "OIDC_CLAIMS", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Legacy", + "script": "file://Legacy.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); +} + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.json 1`] = ` +{ + "meta": Any, + "script": { + "31bd2ae6-c929-4547-b636-84b874715d60": { + "_id": "31bd2ae6-c929-4547-b636-84b874715d60", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, + { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, + "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "NextGeneration", + "script": "file://NextGeneration.script.js", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/saml2.service.json 1`] = ` -{ - "meta": Any, - "service": { - "saml2": { - "_id": "", - "_type": { - "_id": "saml2", - "collection": false, - "name": "SAML v2.0 Service Configuration", - }, - "bufferLength": 2048, - "caCertValidation": false, - "cacheCleanupInterval": 600, - "encryptedKeyInKeyInfo": true, - "idpDiscoveryCookieType": "PERSISTENT", - "idpDiscoveryUrlSchema": "HTTPS", - "location": "global", - "nameIDInfoAttribute": "sun-fm-saml2-nameid-info", - "nameIDInfoKeyAttribute": "sun-fm-saml2-nameid-infokey", - "nextDescendents": [], - "signingCertValidation": false, - "xmlEncryptionClass": "com.sun.identity.saml2.xmlenc.FMEncProvider", - "xmlSigningClass": "com.sun.identity.saml2.xmlsig.FMSigProvider", - }, - }, +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); } + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/security.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.json 1`] = ` { "meta": Any, - "service": { - "security": { - "_id": "", - "_type": { - "_id": "security", - "collection": false, - "name": "Legacy User Self Service", - }, - "defaults": { - "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", - "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", - "forgotPasswordEnabled": false, - "forgotPasswordTokenLifetime": 900, - "protectedUserAttributes": [], - "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", - "selfRegistrationEnabled": false, - "selfRegistrationTokenLifetime": 900, - "selfServiceEnabled": false, - "userRegisteredDestination": "default", - }, - "location": "global", - "nextDescendents": [], + "script": { + "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede": { + "_id": "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Test script description", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, + { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, + "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Test Script", + "script": "file://Test-Script.script.js", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/selfService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); +} + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.json 1`] = ` { "meta": Any, - "service": { - "selfService": { - "_id": "", - "_type": { - "_id": "selfService", - "collection": false, - "name": "User Self-Service", - }, - "defaults": { - "advancedConfig": { - "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", - "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", - "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", - "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", - "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", - }, - "forgottenPassword": { - "forgottenPasswordCaptchaEnabled": false, - "forgottenPasswordEmailBody": [ - "en|

Click on this link to reset your password.

", - ], - "forgottenPasswordEmailSubject": [ - "en|Forgotten password email", - ], - "forgottenPasswordEmailVerificationEnabled": true, - "forgottenPasswordEnabled": false, - "forgottenPasswordKbaEnabled": false, - "forgottenPasswordTokenPaddingLength": 450, - "forgottenPasswordTokenTTL": 300, - "numberOfAllowedAttempts": 1, - "numberOfAttemptsEnforced": false, - }, - "forgottenUsername": { - "forgottenUsernameCaptchaEnabled": false, - "forgottenUsernameEmailBody": [ - "en|

Your username is %username%.

", - ], - "forgottenUsernameEmailSubject": [ - "en|Forgotten username email", - ], - "forgottenUsernameEmailUsernameEnabled": true, - "forgottenUsernameEnabled": false, - "forgottenUsernameKbaEnabled": false, - "forgottenUsernameShowUsernameEnabled": false, - "forgottenUsernameTokenTTL": 300, + "script": { + "9a7836ff-b597-4799-8a6f-306fdf40f238": { + "_id": "9a7836ff-b597-4799-8a6f-306fdf40f238", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "This is a test script", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", }, - "generalConfig": { - "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", - "kbaQuestions": [ - "4|en|What is your mother's maiden name?", - "3|en|What was the name of your childhood pet?", - "2|en|What was the model of your first car?", - "1|en|What is the name of your favourite restaurant?", - ], - "minimumAnswersToDefine": 1, - "minimumAnswersToVerify": 1, - "validQueryAttributes": [ - "uid", - "mail", - "givenName", - "sn", - ], + { + "arity": 2, + "id": "logWarning", + "type": "Function", }, - "profileManagement": { - "profileAttributeWhitelist": [ - "uid", - "telephoneNumber", - "mail", - "kbaInfo", - "givenName", - "sn", - "cn", - ], - "profileProtectedUserAttributes": [ - "telephoneNumber", - "mail", - ], + { + "arity": 2, + "id": "logInfo", + "type": "Function", }, - "userRegistration": { - "userRegisteredDestination": "default", - "userRegistrationCaptchaEnabled": false, - "userRegistrationEmailBody": [ - "en|

Click on this link to register.

", - ], - "userRegistrationEmailSubject": [ - "en|Registration email", - ], - "userRegistrationEmailVerificationEnabled": true, - "userRegistrationEmailVerificationFirstEnabled": false, - "userRegistrationEnabled": false, - "userRegistrationKbaEnabled": false, - "userRegistrationTokenTTL": 300, - "userRegistrationValidUserAttributes": [ - "userPassword", - "mail", - "givenName", - "kbaInfo", - "inetUserStatus", - "sn", - "username", - ], + { + "arity": 2, + "id": "logDebug", + "type": "Function", }, - }, - "location": "global", - "nextDescendents": [], + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "test script 2", + "script": "file://test-script-2.script.js", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/selfServiceTrees.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-keystore.secretstore.json 1`] = ` { "meta": Any, - "service": { - "selfServiceTrees": { - "_id": "", + "secretstore": { + "default-keystore": { + "_id": "default-keystore", "_type": { - "_id": "selfServiceTrees", - "collection": false, - "name": "Self Service Trees", - }, - "defaults": { - "enabled": true, - "treeMapping": {}, + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", }, - "location": "global", - "nextDescendents": [], + "file": "/home/prestonhales/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/session.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-passwords-store.secretstore.json 1`] = ` { "meta": Any, - "service": { - "session": { - "_id": "", + "secretstore": { + "default-passwords-store": { + "_id": "default-passwords-store", "_type": { - "_id": "session", - "collection": false, - "name": "Session", - }, - "dynamic": { - "maxCachingTime": 3, - "maxIdleTime": 30, - "maxSessionTime": 120, - "quotaLimit": 5, - }, - "general": { - "crossUpgradeReferenceFlag": false, - "dnRestrictionOnly": false, - "latestAccessTimeUpdateFrequency": 60, - "timeoutHandlers": [], - }, - "location": "global", - "nextDescendents": [], - "notifications": { - "notificationPropertyList": [], - "propertyChangeNotifications": "OFF", - }, - "quotas": { - "behaviourWhenQuotaExhausted": "org.forgerock.openam.session.service.DestroyNextExpiringAction", - "denyLoginWhenRepoDown": "NO", - "iplanet-am-session-enable-session-constraint": "OFF", - "quotaConstraintMaxWaitTime": 6000, - }, - "search": { - "maxSessionListSize": 120, - "sessionListRetrievalTimeout": 5, - }, - "stateless": { - "openam-session-stateless-blacklist-cache-size": 10000, - "openam-session-stateless-blacklist-poll-interval": 60, - "openam-session-stateless-blacklist-purge-delay": 1, - "openam-session-stateless-enable-session-blacklisting": false, - "openam-session-stateless-logout-poll-interval": 60, - "statelessCompressionType": "NONE", - "statelessEncryptionAesKey": null, - "statelessEncryptionType": "DIRECT", - "statelessLogoutByUser": false, - "statelessSigningHmacSecret": null, - "statelessSigningType": "HS256", + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", }, + "directory": "/home/prestonhales/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/socialauthentication.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/IdentityAssertionService.service.json 1`] = ` { "meta": Any, "service": { - "socialauthentication": { + "IdentityAssertionService": { "_id": "", "_type": { - "_id": "socialauthentication", + "_id": "IdentityAssertionService", "collection": false, - "name": "Social Authentication Implementations", - }, - "defaults": { - "authenticationChains": {}, - "displayNames": {}, - "enabledKeys": [], - "icons": {}, + "name": "Identity Assertion Service", }, - "location": "global", + "cacheDuration": 120, + "enable": true, + "location": "/", "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/transaction.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/RemoteConsentService.service.json 1`] = ` { "meta": Any, "service": { - "transaction": { + "RemoteConsentService": { "_id": "", "_type": { - "_id": "transaction", + "_id": "RemoteConsentService", "collection": false, - "name": "Transaction Authentication Service", - }, - "defaults": { - "timeToLive": "180", + "name": "Remote Consent Service", }, - "location": "global", + "consentResponseTimeLimit": 2, + "jwkStoreCacheMissCacheTime": 1, + "jwkStoreCacheTimeout": 5, + "location": "/", "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/uma.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/SocialIdentityProviders.service.json 1`] = ` { "meta": Any, "service": { - "uma": { + "SocialIdentityProviders": { "_id": "", "_type": { - "_id": "uma", + "_id": "SocialIdentityProviders", "collection": false, - "name": "UMA Provider", - }, - "defaults": { - "claimsGathering": { - "claimsGatheringService": "[Empty]", - "interactiveClaimsGatheringEnabled": false, - "pctLifetime": 604800, - }, - "generalSettings": { - "deletePoliciesOnDeleteRS": true, - "deleteResourceSetsOnDeleteRS": true, - "emailRequestingPartyOnPendingRequestApproval": true, - "emailResourceOwnerOnPendingRequestCreation": true, - "grantResourceOwnerImplicitConsent": true, - "grantRptConditions": [ - "REQUEST_PARTIAL", - "REQUEST_NONE", - "TICKET_PARTIAL", - ], - "pendingRequestsEnabled": true, - "permissionTicketLifetime": 120, - "resharingMode": "IMPLICIT", - "userProfileLocaleAttribute": "inetOrgPerson", - }, + "name": "Social Identity Provider Service", }, - "location": "global", - "nextDescendents": [], - "umaPolicyUpgradeCompatibilityMode": false, + "enabled": true, + "location": "/", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/user.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/amSessionPropertyWhitelist.service.json 1`] = ` { "meta": Any, "service": { - "user": { + "amSessionPropertyWhitelist": { "_id": "", "_type": { - "_id": "user", + "_id": "amSessionPropertyWhitelist", "collection": false, - "name": "User", - }, - "dynamic": { - "defaultUserStatus": "Active", + "name": "Session Property Whitelist Service", }, - "location": "global", + "location": "/", "nextDescendents": [], + "sessionPropertyWhitelist": [ + "AMCtxId", + ], + "whitelistedQueryProperties": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/service/validation.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/audit.service.json 1`] = ` { "meta": Any, "service": { - "validation": { + "audit": { "_id": "", "_type": { - "_id": "validation", + "_id": "audit", "collection": false, - "name": "Validation Service", - }, - "defaults": { - "validGotoDestinations": [], + "name": "Audit Logging", }, - "location": "global", + "auditEnabled": true, + "blacklistFieldFilters": [], + "location": "/", "nextDescendents": [], - "validGotoDestinations": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/site/testsite.site.json 1`] = ` -{ - "meta": Any, - "site": { - "testsite": { - "_id": "testsite", - "secondaryURLs": [], - "servers": [ - { - "id": "03", - "url": "http://localhost:8081/am", - }, - ], - "url": "http://testurl.com:8080", + "whitelistFieldFilters": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/global/webhookService/webhooks.webhookService.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorOathService.service.json 1`] = ` { "meta": Any, - "webhookService": { - "webhooks": { + "service": { + "authenticatorOathService": { "_id": "", "_type": { - "_id": "webhooks", + "_id": "authenticatorOathService", "collection": false, - "name": "Webhook Service", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/Test-IG.agent.json 1`] = ` -{ - "agent": { - "Test IG": { - "_id": "Test IG", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", + "name": "ForgeRock Authenticator (OATH) Service", }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [], - "igTokenIntrospection": "None", - "secretLabelIdentifier": null, - "status": "Active", - "userpassword": null, + "authenticatorOATHDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", + "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", + "authenticatorOATHSkippableName": "oath2faEnabled", + "location": "/", + "nextDescendents": [], + "oathAttrName": "oathDeviceProfiles", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/Test-SOAP-STS.agent.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorPushService.service.json 1`] = ` { - "agent": { - "Test SOAP STS": { - "_id": "Test SOAP STS", - "_type": { - "_id": "SoapSTSAgent", - "collection": true, - "name": "SOAP STS Agents", - }, - "agentgroup": null, - "publishServicePollInterval": 300, - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/Test-Web.agent.json 1`] = ` -{ - "agent": { - "Test Web": { - "_id": "Test Web", + "service": { + "authenticatorPushService": { + "_id": "", "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testurl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "secretLabelIdentifier": null, - "ssoOnlyMode": false, - "status": "Active", - "userpassword": null, - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, + "_id": "authenticatorPushService", + "collection": false, + "name": "ForgeRock Authenticator (Push) Service", }, + "authenticatorPushDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", + "authenticatorPushSkippableName": "push2faEnabled", + "location": "/", + "nextDescendents": [], + "pushAttrName": "pushDeviceProfiles", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/my-policy-agent.agent.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorWebAuthnService.service.json 1`] = ` { - "agent": { - "my-policy-agent": { - "_id": "my-policy-agent", - "_type": { - "_id": "2.2_Agent", - "collection": true, - "name": "Policy Agents", - }, - "cdssoRootUrl": [], - "description": null, - "status": "Active", - "userpassword": null, - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/test.agent.json 1`] = ` -{ - "agent": { - "test": { - "_id": "test", + "service": { + "authenticatorWebAuthnService": { + "_id": "", "_type": { - "_id": "RemoteConsentAgent", - "collection": true, - "name": "OAuth2 Remote Consent Service", + "_id": "authenticatorWebAuthnService", + "collection": false, + "name": "WebAuthn Profile Encryption Service", }, - "agentgroup": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "remoteConsentRedirectUrl": null, - "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentRequestEncryptionEnabled": true, - "remoteConsentRequestEncryptionMethod": "A128GCM", - "remoteConsentRequestSigningAlgorithm": "RS256", - "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentResponseEncryptionMethod": "A128GCM", - "remoteConsentResponseSigningAlg": "RS256", - "requestTimeLimit": 180, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jceks", + "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", + "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], + "webauthnAttrName": "webauthnDeviceProfiles", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/test-java.agent.json 1`] = ` -{ - "agent": { - "test java": { - "_id": "test java", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": "Test Java Group", - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": "centralized", - "secretLabelIdentifier": null, - "status": "Active", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "userpassword": null, - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/test/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": "/test/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/baseurl.service.json 1`] = ` +{ + "meta": Any, + "service": { + "baseurl": { + "_id": "", + "_type": { + "_id": "baseurl", + "collection": false, + "name": "Base URL Source", }, + "contextPath": "/am", + "location": "/", + "nextDescendents": [], + "source": "REQUEST_VALUES", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agent/test-software-publisher.agent.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/dashboard.service.json 1`] = ` { - "agent": { - "test software publisher": { - "_id": "test software publisher", + "meta": Any, + "service": { + "dashboard": { + "_id": "", "_type": { - "_id": "SoftwarePublisher", - "collection": true, - "name": "OAuth2 Software Publisher", + "_id": "dashboard", + "collection": false, + "name": "Dashboard", }, - "agentgroup": null, - "issuer": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "softwareStatementSigningAlgorithm": "RS256", + "assignedDashboard": [], + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Oauth2-group.agentGroup.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceBindingService.service.json 1`] = ` { - "agentGroup": { - "Oauth2 group": { - "_id": "Oauth2 group", + "meta": Any, + "service": { + "deviceBindingService": { + "_id": "", "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [], - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, + "_id": "deviceBindingService", + "collection": false, + "name": "Device Binding Service", }, + "deviceBindingAttrName": "boundDevices", + "deviceBindingSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceBindingSettingsEncryptionKeystorePassword": null, + "deviceBindingSettingsEncryptionKeystoreType": "JKS", + "deviceBindingSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Remote-consent-group.agentGroup.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceIdService.service.json 1`] = ` { - "agentGroup": { - "Remote consent group": { - "_id": "Remote consent group", + "meta": Any, + "service": { + "deviceIdService": { + "_id": "", "_type": { - "_id": "RemoteConsentAgent", - "collection": true, - "name": "OAuth2 Remote Consent Service", + "_id": "deviceIdService", + "collection": false, + "name": "Device ID Service", }, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "remoteConsentRedirectUrl": null, - "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentRequestEncryptionEnabled": true, - "remoteConsentRequestEncryptionMethod": "A128GCM", - "remoteConsentRequestSigningAlgorithm": "RS256", - "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentResponseEncryptionMethod": "A128GCM", - "remoteConsentResponseSigningAlg": "RS256", - "requestTimeLimit": 180, + "deviceIdAttrName": "devicePrintProfiles", + "deviceIdSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceIdSettingsEncryptionKeystorePassword": null, + "deviceIdSettingsEncryptionKeystoreType": "JKS", + "deviceIdSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Software-publisher-group.agentGroup.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceProfilesService.service.json 1`] = ` { - "agentGroup": { - "Software publisher group": { - "_id": "Software publisher group", + "meta": Any, + "service": { + "deviceProfilesService": { + "_id": "", "_type": { - "_id": "SoftwarePublisher", - "collection": true, - "name": "OAuth2 Software Publisher", + "_id": "deviceProfilesService", + "collection": false, + "name": "Device Profiles Service", }, - "issuer": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "softwareStatementSigningAlgorithm": "RS256", + "deviceProfilesAttrName": "deviceProfiles", + "deviceProfilesSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceProfilesSettingsEncryptionKeystorePassword": null, + "deviceProfilesSettingsEncryptionKeystoreType": "JKS", + "deviceProfilesSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-IG-Group.agentGroup.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/email.service.json 1`] = ` { - "agentGroup": { - "Test IG Group": { - "_id": "Test IG Group", + "meta": Any, + "service": { + "email": { + "_id": "", "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", + "_id": "email", + "collection": false, + "name": "Email Service", }, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [], - "igTokenIntrospection": "None", - "status": "Active", + "emailAddressAttribute": "mail", + "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", + "emailRateLimitSeconds": 1, + "location": "/", + "nextDescendents": [], + "port": 465, + "sslState": "SSL", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-Java-Group.agentGroup.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/id-repositories.service.json 1`] = ` { - "agentGroup": { - "Test Java Group": { - "_id": "Test Java Group", + "meta": Any, + "service": { + "id-repositories": { + "_id": "", "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", + "location": "/", + "nextDescendents": [ + { + "_id": "embedded", + "_type": { + "_id": "LDAPv3ForOpenDS", + "collection": true, + "name": "OpenDJ", + }, + "authentication": { + "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", + }, + "cachecontrol": { + "sun-idrepo-ldapv3-dncache-enabled": true, + "sun-idrepo-ldapv3-dncache-size": 1500, + }, + "errorhandling": { + "com.iplanet.am.ldap.connection.delay.between.retries": 1000, + }, + "groupconfig": { + "sun-idrepo-ldapv3-config-group-attributes": [ + "dn", + "cn", + "uniqueMember", + "objectclass", + ], + "sun-idrepo-ldapv3-config-group-container-name": "ou", + "sun-idrepo-ldapv3-config-group-container-value": "groups", + "sun-idrepo-ldapv3-config-group-objectclass": [ + "top", + "groupofuniquenames", + ], + "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", + "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", + "sun-idrepo-ldapv3-config-memberurl": "memberUrl", + "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", + }, + "ldapsettings": { + "openam-idrepo-ldapv3-affinity-level": "all", + "openam-idrepo-ldapv3-behera-support-enabled": true, + "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, + "openam-idrepo-ldapv3-heartbeat-interval": 10, + "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", + "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", + "openam-idrepo-ldapv3-mtls-enabled": false, + "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, + "openam-idrepo-ldapv3-proxied-auth-enabled": false, + "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", + "sun-idrepo-ldapv3-config-authpw": null, + "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", + "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, + "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, + "sun-idrepo-ldapv3-config-ldap-server": [ + "localhost:50636", + "localhost:50636|01", + ], + "sun-idrepo-ldapv3-config-max-result": 1000, + "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", + "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-time-limit": 10, + "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + }, + "persistentsearch": { + "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", + "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + }, + "pluginconfig": { + "sunIdRepoAttributeMapping": [], + "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", + "sunIdRepoSupportedOperations": [ + "realm=read,create,edit,delete,service", + "user=read,create,edit,delete,service", + "group=read,create,edit,delete", + ], + }, + "userconfig": { + "sun-idrepo-ldapv3-config-active": "Active", + "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ + "kbaInfoAttempts", + ], + "sun-idrepo-ldapv3-config-auth-kba-attr": [ + "kbaInfo", + ], + "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", + "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ + "cn", + "sn", + ], + "sun-idrepo-ldapv3-config-inactive": "Inactive", + "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", + "sun-idrepo-ldapv3-config-people-container-name": "ou", + "sun-idrepo-ldapv3-config-people-container-value": "people", + "sun-idrepo-ldapv3-config-user-attributes": [ + "iplanet-am-auth-configuration", + "iplanet-am-user-alias-list", + "iplanet-am-user-password-reset-question-answer", + "mail", + "assignedDashboard", + "authorityRevocationList", + "dn", + "iplanet-am-user-password-reset-options", + "employeeNumber", + "createTimestamp", + "kbaActiveIndex", + "caCertificate", + "iplanet-am-session-quota-limit", + "iplanet-am-user-auth-config", + "sun-fm-saml2-nameid-infokey", + "sunIdentityMSISDNNumber", + "iplanet-am-user-password-reset-force-reset", + "sunAMAuthInvalidAttemptsData", + "devicePrintProfiles", + "givenName", + "iplanet-am-session-get-valid-sessions", + "objectClass", + "adminRole", + "inetUserHttpURL", + "lastEmailSent", + "iplanet-am-user-account-life", + "postalAddress", + "userCertificate", + "preferredtimezone", + "iplanet-am-user-admin-start-dn", + "boundDevices", + "oath2faEnabled", + "preferredlanguage", + "sun-fm-saml2-nameid-info", + "userPassword", + "iplanet-am-session-service-status", + "telephoneNumber", + "iplanet-am-session-max-idle-time", + "distinguishedName", + "iplanet-am-session-destroy-sessions", + "kbaInfoAttempts", + "modifyTimestamp", + "uid", + "iplanet-am-user-success-url", + "iplanet-am-user-auth-modules", + "kbaInfo", + "memberOf", + "sn", + "preferredLocale", + "manager", + "iplanet-am-session-max-session-time", + "deviceProfiles", + "cn", + "oathDeviceProfiles", + "webauthnDeviceProfiles", + "iplanet-am-user-login-status", + "pushDeviceProfiles", + "push2faEnabled", + "inetUserStatus", + "retryLimitNodeCount", + "iplanet-am-user-failure-url", + "iplanet-am-session-max-caching-time", + "thingType", + "thingKeys", + "thingOAuth2ClientName", + "thingConfig", + "thingProperties", + ], + "sun-idrepo-ldapv3-config-user-objectclass": [ + "iplanet-am-managed-person", + "inetuser", + "sunFMSAML2NameIdentifier", + "inetorgperson", + "devicePrintProfilesContainer", + "boundDevicesContainer", + "iplanet-am-user-service", + "iPlanetPreferences", + "pushDeviceProfilesContainer", + "forgerock-am-dashboard-service", + "organizationalperson", + "top", + "kbaInfoContainer", + "person", + "sunAMAuthAccountLockout", + "oathDeviceProfilesContainer", + "webauthnDeviceProfilesContainer", + "iplanet-am-auth-configuration-service", + "deviceProfilesContainer", + "fr-iot", + ], + "sun-idrepo-ldapv3-config-users-search-attribute": "uid", + "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + }, }, - "fqdnCheck": false, - "fqdnDefault": null, - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "status": "Active", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": null, - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": {}, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": null, - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, + ], + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-SOAP-STS-group.agentGroup.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/iot.service.json 1`] = ` { - "agentGroup": { - "Test SOAP STS group": { - "_id": "Test SOAP STS group", + "meta": Any, + "service": { + "iot": { + "_id": "", "_type": { - "_id": "SoapSTSAgent", - "collection": true, - "name": "SOAP STS Agents", + "_id": "iot", + "collection": false, + "name": "IoT Service", }, - "publishServicePollInterval": 300, + "attributeAllowlist": [ + "thingConfig", + ], + "createOAuthClient": false, + "createOAuthJwtIssuer": false, + "location": "/", + "nextDescendents": [], + "oauthClientName": "forgerock-iot-oauth2-client", + "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Test-Web-Group.agentGroup.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/oauth-oidc.service.json 1`] = ` { - "agentGroup": { - "Test Web Group": { - "_id": "Test Web Group", + "meta": Any, + "service": { + "oauth-oidc": { + "_id": "", "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testurl.com:8080/UI/Logout", + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "applicationLogoutUrls": [ - "", + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "conditionalLoginUrl": [ - "", + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "regexConditionalLoginUrl": [ - "", + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "notEnforcedIpsList": [ - "", + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": null, - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "resetIdleTime": false, - "ssoOnlyMode": false, - "status": "Active", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/Trusted-JWT-group.agentGroup.json 1`] = ` -{ - "agentGroup": { - "Trusted JWT group": { - "_id": "Trusted JWT group", - "_type": { - "_id": "TrustedJwtIssuer", - "collection": true, - "name": "OAuth2 Trusted JWT Issuer", + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - "allowedSubjects": [], - "consentedScopesClaim": "scope", - "issuer": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "resourceOwnerIdentityClaim": "sub", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/agentGroup/testwebgroup.agentGroup.json 1`] = ` -{ - "agentGroup": { - "testwebgroup": { - "_id": "testwebgroup", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://test.com:8080/cool/UI/Logout", + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "applicationLogoutUrls": [ - "", + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "conditionalLoginUrl": [ - "", + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "regexConditionalLoginUrl": [ - "", + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", ], - "notEnforcedIpsList": [ - "", + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": null, - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "resetIdleTime": false, - "ssoOnlyMode": false, - "status": "Active", - "webSocketConnectionIntervalInMinutes": 30, }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, + "location": "/", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", }, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pingOneWorkerService.service.json 1`] = ` { - "applicationTypes": { - "iPlanetAMWebAgentService": { - "_id": "iPlanetAMWebAgentService", - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "iPlanetAMWebAgentService", - "resourceComparator": "com.sun.identity.entitlement.URLResourceName", - "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", - "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "sunAMDelegationService": { - "_id": "sunAMDelegationService", - "actions": { - "DELEGATE": true, - "MODIFY": true, - "READ": true, + "service": { + "pingOneWorkerService": { + "_id": "", + "_type": { + "_id": "pingOneWorkerService", + "collection": false, + "name": "PingOne Worker Service", }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "sunAMDelegationService", - "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", - "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", - "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "umaApplicationType": { - "_id": "umaApplicationType", - "actions": {}, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "umaApplicationType", - "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", - "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", - "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", + "enabled": true, + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authentication/root.authentication.settings.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/policyconfiguration.service.json 1`] = ` { - "authentication": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Core", - }, - "accountlockout": { - "lockoutDuration": 0, - "lockoutDurationMultiplier": 1, - "lockoutWarnUserCount": 0, - "loginFailureCount": 5, - "loginFailureDuration": 300, - "loginFailureLockoutMode": false, - "storeInvalidAttemptsInDataStore": true, - }, - "core": { - "adminAuthModule": "ldapService", - "orgConfig": "ldapService", - }, - "general": { - "defaultAuthLevel": 0, - "identityType": [ - "agent", - "user", - ], - "locale": "en_US", - "statelessSessionsEnabled": false, - "twoFactorRequired": false, - "userStatusCallbackPlugins": [], - }, - "postauthprocess": { - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [ - "/am/console", - ], - "userAttributeSessionMapping": [], - "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", - "usernameGeneratorEnabled": true, - }, - "security": { - "addClearSiteDataHeader": true, - "moduleBasedAuthEnabled": true, - "sharedSecret": null, - "zeroPageLoginAllowedWithoutReferrer": true, - "zeroPageLoginEnabled": false, - "zeroPageLoginReferrerWhiteList": [], - }, - "trees": { - "authenticationSessionsMaxDuration": 5, - "authenticationSessionsStateManagement": "JWT", - "authenticationSessionsWhitelist": false, - "authenticationTreeCookieHttpOnly": true, - "suspendedAuthenticationTimeout": 5, - }, - "userprofile": { - "aliasAttributeName": [ - "uid", - ], - "defaultRole": [], - "dynamicProfileCreation": "false", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationChains/amsterService.authenticationChains.json 1`] = ` -{ - "authenticationChains": { - "amsterService": { - "_id": "amsterService", + "service": { + "policyconfiguration": { + "_id": "", "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "Amster", - "options": {}, - }, + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], + "location": "/", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationChains/ldapService.authenticationChains.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pushNotification.service.json 1`] = ` { - "authenticationChains": { - "ldapService": { - "_id": "ldapService", + "meta": Any, + "service": { + "pushNotification": { + "_id": "", "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", + "_id": "pushNotification", + "collection": false, + "name": "Push Notification Service", }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "DataStore", - "options": {}, - }, - ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], + "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", + "location": "/", + "mdCacheSize": 10000, + "mdConcurrency": 16, + "mdDuration": 120, + "nextDescendents": [], + "region": "us-east-1", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/amster.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/security.service.json 1`] = ` { - "authenticationModules": { - "amster": { - "_id": "amster", + "meta": Any, + "service": { + "security": { + "_id": "", "_type": { - "_id": "amster", - "collection": true, - "name": "ForgeRock Amster", + "_id": "security", + "collection": false, + "name": "Legacy User Self Service", }, - "authenticationLevel": 0, - "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", - "enabled": true, + "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", + "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "forgotPasswordEnabled": false, + "forgotPasswordTokenLifetime": 900, + "location": "/", + "nextDescendents": [], + "protectedUserAttributes": [], + "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "selfRegistrationEnabled": false, + "selfRegistrationTokenLifetime": 900, + "selfServiceEnabled": false, + "userRegisteredDestination": "default", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/datastore.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfService.service.json 1`] = ` { - "authenticationModules": { - "datastore": { - "_id": "datastore", + "meta": Any, + "service": { + "selfService": { + "_id": "", "_type": { - "_id": "datastore", - "collection": true, - "name": "Data Store", + "_id": "selfService", + "collection": false, + "name": "User Self-Service", + }, + "advancedConfig": { + "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", + "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", + "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", + "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", + "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", + }, + "forgottenPassword": { + "forgottenPasswordCaptchaEnabled": false, + "forgottenPasswordEmailBody": [ + "en|

Click on this link to reset your password.

", + ], + "forgottenPasswordEmailSubject": [ + "en|Forgotten password email", + ], + "forgottenPasswordEmailVerificationEnabled": true, + "forgottenPasswordEnabled": false, + "forgottenPasswordKbaEnabled": false, + "forgottenPasswordTokenPaddingLength": 450, + "forgottenPasswordTokenTTL": 300, + "numberOfAllowedAttempts": 1, + "numberOfAttemptsEnforced": false, + }, + "forgottenUsername": { + "forgottenUsernameCaptchaEnabled": false, + "forgottenUsernameEmailBody": [ + "en|

Your username is %username%.

", + ], + "forgottenUsernameEmailSubject": [ + "en|Forgotten username email", + ], + "forgottenUsernameEmailUsernameEnabled": true, + "forgottenUsernameEnabled": false, + "forgottenUsernameKbaEnabled": false, + "forgottenUsernameShowUsernameEnabled": false, + "forgottenUsernameTokenTTL": 300, + }, + "generalConfig": { + "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", + "kbaQuestions": [ + "4|en|What is your mother's maiden name?", + "3|en|What was the name of your childhood pet?", + "2|en|What was the model of your first car?", + "1|en|What is the name of your favourite restaurant?", + ], + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "validQueryAttributes": [ + "uid", + "mail", + "givenName", + "sn", + ], + }, + "location": "/", + "nextDescendents": [], + "profileManagement": { + "profileAttributeWhitelist": [ + "uid", + "telephoneNumber", + "mail", + "kbaInfo", + "givenName", + "sn", + "cn", + ], + "profileProtectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + }, + "userRegistration": { + "userRegisteredDestination": "default", + "userRegistrationCaptchaEnabled": false, + "userRegistrationEmailBody": [ + "en|

Click on this link to register.

", + ], + "userRegistrationEmailSubject": [ + "en|Registration email", + ], + "userRegistrationEmailVerificationEnabled": true, + "userRegistrationEmailVerificationFirstEnabled": false, + "userRegistrationEnabled": false, + "userRegistrationKbaEnabled": false, + "userRegistrationTokenTTL": 300, + "userRegistrationValidUserAttributes": [ + "userPassword", + "mail", + "givenName", + "kbaInfo", + "inetUserStatus", + "sn", + "username", + ], }, - "authenticationLevel": 0, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/federation.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfServiceTrees.service.json 1`] = ` { - "authenticationModules": { - "federation": { - "_id": "federation", + "meta": Any, + "service": { + "selfServiceTrees": { + "_id": "", "_type": { - "_id": "federation", - "collection": true, - "name": "Federation", + "_id": "selfServiceTrees", + "collection": false, + "name": "Self Service Trees", + }, + "enabled": true, + "location": "/", + "nextDescendents": [], + "treeMapping": { + "forgottenUsername": "PlatformForgottenUsername", + "registration": "PlatformRegistration", + "resetPassword": "PlatformResetPassword", + "updatePassword": "PlatformUpdatePassword", }, - "authenticationLevel": 0, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/hotp.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/socialauthentication.service.json 1`] = ` { - "authenticationModules": { - "hotp": { - "_id": "hotp", + "meta": Any, + "service": { + "socialauthentication": { + "_id": "", "_type": { - "_id": "hotp", - "collection": true, - "name": "HOTP", + "_id": "socialauthentication", + "collection": false, + "name": "Social Authentication Implementations", }, - "authenticationLevel": 0, - "autoSendOTP": false, - "otpDeliveryMethod": "SMS and E-mail", - "otpLength": "8", - "otpMaxRetry": 3, - "otpValidityDuration": 5, - "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "smtpFromAddress": "no-reply@openam.org", - "smtpHostPort": 465, - "smtpHostname": "smtp.gmail.com", - "smtpSslEnabled": "SSL", - "smtpUserPassword": null, - "smtpUsername": "opensso.sun", - "userProfileEmailAttribute": "mail", - "userProfileTelephoneAttribute": "telephoneNumber", + "authenticationChains": {}, + "displayNames": {}, + "enabledKeys": [], + "icons": {}, + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/ldap.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/transaction.service.json 1`] = ` { - "authenticationModules": { - "ldap": { - "_id": "ldap", + "meta": Any, + "service": { + "transaction": { + "_id": "", "_type": { - "_id": "ldap", - "collection": true, - "name": "LDAP", + "_id": "transaction", + "collection": false, + "name": "Transaction Authentication Service", }, - "authenticationLevel": 0, - "beheraPasswordPolicySupportEnabled": true, - "connectionHeartbeatInterval": 10, - "connectionHeartbeatTimeUnit": "SECONDS", - "minimumPasswordLength": "8", - "openam-auth-ldap-connection-mode": "LDAPS", - "operationTimeout": 0, - "primaryLdapServer": [ - "localhost:50636", - ], - "profileAttributeMappings": [], - "returnUserDN": true, - "searchScope": "SUBTREE", - "secondaryLdapServer": [], - "stopLdapbindAfterInmemoryLockedEnabled": false, - "trustAllServerCertificates": false, - "userBindDN": "cn=Directory Manager", - "userBindPassword": null, - "userProfileRetrievalAttribute": "uid", - "userSearchAttributes": [ - "uid", - ], - "userSearchStartDN": [ - "dc=openam,dc=forgerock,dc=org", - ], + "location": "/", + "nextDescendents": [], + "timeToLive": "180", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/oath.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/user.service.json 1`] = ` { - "authenticationModules": { - "oath": { - "_id": "oath", + "meta": Any, + "service": { + "user": { + "_id": "", "_type": { - "_id": "oath", - "collection": true, - "name": "OATH", + "_id": "user", + "collection": false, + "name": "User", }, - "addChecksum": "False", - "authenticationLevel": 0, - "forgerock-oath-maximum-clock-drift": 0, - "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", - "hotpWindowSize": 100, - "minimumSecretKeyLength": "32", - "oathAlgorithm": "HOTP", - "oathOtpMaxRetry": 3, - "passwordLength": "6", - "stepsInWindow": 2, - "timeStepSize": 30, - "truncationOffset": -1, + "dynamic": { + "defaultUserStatus": "Active", + }, + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/authenticationModules/sae.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/validation.service.json 1`] = ` { - "authenticationModules": { - "sae": { - "_id": "sae", + "meta": Any, + "service": { + "validation": { + "_id": "", "_type": { - "_id": "sae", - "collection": true, - "name": "SAE", + "_id": "validation", + "collection": false, + "name": "Validation Service", }, - "authenticationLevel": 0, + "location": "/", + "nextDescendents": [], + "validGotoDestinations": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectAttributes/undefined.subjectAttributes.json 1`] = ` { - "conditionTypes": { - "AMIdentityMembership": { - "_id": "AMIdentityMembership", - "config": { - "properties": { - "amIdentityName": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AMIdentityMembership", - }, - }, "meta": Any, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AND.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AND.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "AND": { "_id": "AND", "config": { "properties": { - "conditions": { + "subjects": { "type": "array", }, }, @@ -381598,213 +395424,100 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "AND", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthLevel": { - "_id": "AuthLevel", - "config": { - "properties": { - "authLevel": { - "type": "integer", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthLevel", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthScheme": { - "_id": "AuthScheme", - "config": { - "properties": { - "applicationIdleTimeout": { - "type": "integer", - }, - "applicationName": { - "type": "string", - }, - "authScheme": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthScheme", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthenticateToRealm": { - "_id": "AuthenticateToRealm", - "config": { - "properties": { - "authenticateToRealm": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthenticateToRealm", - }, - }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` { - "conditionTypes": { - "AuthenticateToService": { - "_id": "AuthenticateToService", - "config": { - "properties": { - "authenticateToService": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthenticateToService", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv4.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "IPv4": { - "_id": "IPv4", - "config": { - "properties": { - "dnsName": { - "items": { - "type": "string", - }, - "type": "array", - }, - "endIp": { - "type": "string", - }, - "startIp": { - "type": "string", - }, - }, + "subjectTypes": { + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", + "config": { + "properties": {}, "type": "object", }, "logical": false, - "title": "IPv4", + "title": "AuthenticatedUsers", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv6.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Identity.subjectTypes.json 1`] = ` { - "conditionTypes": { - "IPv6": { - "_id": "IPv6", + "meta": Any, + "subjectTypes": { + "Identity": { + "_id": "Identity", "config": { "properties": { - "dnsName": { + "subjectValues": { "items": { "type": "string", }, "type": "array", }, - "endIp": { - "type": "string", - }, - "startIp": { - "type": "string", - }, }, "type": "object", }, "logical": false, - "title": "IPv6", + "title": "Identity", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` { - "conditionTypes": { - "LDAPFilter": { - "_id": "LDAPFilter", + "meta": Any, + "subjectTypes": { + "JwtClaim": { + "_id": "JwtClaim", "config": { "properties": { - "ldapFilter": { + "claimName": { + "type": "string", + }, + "claimValue": { "type": "string", }, }, "type": "object", }, "logical": false, - "title": "LDAPFilter", + "title": "JwtClaim", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NONE.subjectTypes.json 1`] = ` { - "conditionTypes": { - "LEAuthLevel": { - "_id": "LEAuthLevel", + "meta": Any, + "subjectTypes": { + "NONE": { + "_id": "NONE", "config": { - "properties": { - "authLevel": { - "type": "integer", - }, - }, + "properties": {}, "type": "object", }, "logical": false, - "title": "LEAuthLevel", + "title": "NONE", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/NOT.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NOT.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "NOT": { "_id": "NOT", "config": { "properties": { - "condition": { + "subject": { "properties": {}, "type": "object", }, @@ -381815,42 +395528,18 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "NOT", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/OR.subjectTypes.json 1`] = ` { - "conditionTypes": { - "OAuth2Scope": { - "_id": "OAuth2Scope", - "config": { - "properties": { - "requiredScopes": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "OAuth2Scope", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OR.conditionTypes.json 1`] = ` -{ - "conditionTypes": { + "subjectTypes": { "OR": { "_id": "OR", "config": { "properties": { - "conditions": { + "subjects": { "type": "array", }, }, @@ -381860,13 +395549,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "OR", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Policy.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Policy.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "Policy": { "_id": "Policy", "config": { @@ -381874,8 +395563,14 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "className": { "type": "string", }, - "properties": { - "type": "object", + "name": { + "type": "string", + }, + "values": { + "items": { + "type": "string", + }, + "type": "array", }, }, "type": "object", @@ -381884,1592 +395579,984 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "Policy", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/test-jwt-issuer.trustedJwtIssuer.json 1`] = ` { - "conditionTypes": { - "ResourceEnvIP": { - "_id": "ResourceEnvIP", - "config": { - "properties": { - "resourceEnvIPConditionValue": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", + "meta": Any, + "trustedJwtIssuer": { + "test-jwt-issuer": { + "_id": "test-jwt-issuer", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", }, - "logical": false, - "title": "ResourceEnvIP", + "agentgroup": null, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": "hello", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Script.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/trusted-jwt.trustedJwtIssuer.json 1`] = ` { - "conditionTypes": { - "Script": { - "_id": "Script", - "config": { - "properties": { - "scriptId": { - "type": "string", - }, - }, - "type": "object", + "meta": Any, + "trustedJwtIssuer": { + "trusted jwt": { + "_id": "trusted jwt", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", }, - "logical": false, - "title": "Script", + "agentgroup": null, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Session.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Cool-Webhook.webhookService.json 1`] = ` { - "conditionTypes": { - "Session": { - "_id": "Session", - "config": { - "properties": { - "maxSessionTime": { - "type": "integer", - }, - "terminateSession": { - "required": true, - "type": "boolean", - }, - }, - "type": "object", + "meta": Any, + "webhookService": { + "Cool Webhook": { + "_id": "Cool Webhook", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", }, - "logical": false, - "title": "Session", + "body": "body", + "headers": { + "accept": "*/*", + "cool": "test", + }, + "url": "test", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Test-Webhook.webhookService.json 1`] = ` { - "conditionTypes": { - "SessionProperty": { - "_id": "SessionProperty", - "config": { - "properties": { - "ignoreValueCase": { - "required": true, - "type": "boolean", - }, - "properties": { - "type": "object", - }, - }, - "type": "object", + "meta": Any, + "webhookService": { + "Test Webhook": { + "_id": "Test Webhook", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "body": "hello", + "headers": { + "accept": "*/*", }, - "logical": false, - "title": "SessionProperty", }, }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/wsEntity/ws.wsEntity.json 1`] = ` +{ "meta": Any, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` { - "conditionTypes": { - "SimpleTime": { - "_id": "SimpleTime", - "config": { - "properties": { - "endDate": { - "type": "string", - }, - "endDay": { - "type": "string", - }, - "endTime": { - "type": "string", - }, - "enforcementTimeZone": { - "type": "string", - }, - "startDate": { - "type": "string", - }, - "startDay": { - "type": "string", - }, - "startTime": { - "type": "string", - }, - }, - "type": "object", + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, }, - "logical": false, - "title": "SimpleTime", + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": "com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Transaction.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` { - "conditionTypes": { - "Transaction": { - "_id": "Transaction", - "config": { - "properties": { - "authenticationStrategy": { - "type": "string", - }, - "strategySpecifier": { - "type": "string", - }, - }, - "type": "object", + "applicationTypes": { + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true, }, - "logical": false, - "title": "Transaction", + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/cot/Test-COT.cot.saml.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` { - "meta": Any, - "saml": { - "cot": { - "Test COT": { - "_id": "Test COT", - "_type": { - "_id": "circlesoftrust", - "collection": true, - "name": "Circle of Trust", - }, - "status": "active", - "trustedProviders": [], - }, + "applicationTypes": { + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", }, - "hosted": {}, - "metadata": {}, - "remote": {}, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authentication/root-first.authentication.settings.json 1`] = ` { - "decisionCombiners": { - "DenyOverride": { - "_id": "DenyOverride", - "title": "DenyOverride", + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/idp/Google-Test.idp.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/amsterService.authenticationChains.json 1`] = ` { - "idp": { - "Google Test": { - "_id": "Google Test", + "authenticationChains": { + "amsterService": { + "_id": "amsterService", "_type": { - "_id": "googleConfig", + "_id": "EMPTY", "collection": true, - "name": "Client configuration for Google.", + "name": "Authentication Configuration", }, - "acrValues": [], - "authenticationIdKey": "sub", - "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "clientAuthenticationMethod": "CLIENT_SECRET_POST", - "clientId": "test", - "enableNativeNonce": true, - "enabled": true, - "encryptJwtRequestParameter": false, - "encryptedIdTokens": false, - "issuer": "https://accounts.google.com", - "issuerComparisonCheckType": "EXACT", - "jwtEncryptionAlgorithm": "NONE", - "jwtEncryptionMethod": "NONE", - "jwtRequestParameterOption": "NONE", - "jwtSigningAlgorithm": "NONE", - "pkceMethod": "S256", - "privateKeyJwtExpTime": 600, - "redirectURI": "https://testurl.com", - "responseMode": "DEFAULT", - "revocationCheckOptions": [], - "scopeDelimiter": " ", - "scopes": [ - "openid", - "profile", - "email", + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, ], - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "transform": "58d29080-4563-480b-89bb-1e7719776a21", - "uiConfig": { - "buttonClass": "", - "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", - "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", - "buttonDisplayName": "Google", - "buttonImage": "images/g-logo.png", - "iconBackground": "#4184f3", - "iconClass": "fa-google", - "iconFontColor": "white", - }, - "useCustomTrustStore": false, - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - "userInfoResponseType": "JSON", - "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration", + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Agent.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/ldapService.authenticationChains.json 1`] = ` { - "meta": Any, - "trees": { - "Agent": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "AgentDataStoreDecisionNode", - "collection": true, - "name": "Agent Data Store Decision", - }, - }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", - "_outcomes": [ - { - "displayName": "Has Credentials", - "id": "true", - }, - { - "displayName": "No Credentials", - "id": "false", - }, - ], - "_type": { - "_id": "ZeroPageLoginNode", - "collection": true, - "name": "Zero Page Login Collector", - }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", - }, + "authenticationChains": { + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Agent", - "description": "null", - "enabled": true, - "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Agent Data Store Decision", - "nodeType": "AgentDataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "a87ff679-a2f3-371d-9181-a67b7542122c", - }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", - "x": 0, - "y": 0, - }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, }, - "uiConfig": {}, - }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Example.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/amster.authenticationModules.json 1`] = ` { - "meta": Any, - "trees": { - "Example": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", - }, - }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", - }, - }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", - "_outcomes": [ - { - "displayName": "Has Credentials", - "id": "true", - }, - { - "displayName": "No Credentials", - "id": "false", - }, - ], - "_type": { - "_id": "ZeroPageLoginNode", - "collection": true, - "name": "Zero Page Login Collector", - }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Example", - "description": "null", - "enabled": true, - "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "connections": { - "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, - }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "connections": { - "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "connections": { - "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster", }, + "authenticationLevel": 0, + "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", + "enabled": true, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/datastore.authenticationModules.json 1`] = ` { - "meta": Any, - "trees": { - "Facebook-ProvisionIDMAccount": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialFacebookNode", - "collection": true, - "name": "Social Facebook", - }, - "authenticationIdKey": "id", - "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", - "cfgAccountMapperConfiguration": { - "id": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "first_name": "givenName", - "id": "iplanet-am-user-alias-list", - "last_name": "sn", - "name": "cn", - }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "facebook", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "public_profile,email", - "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", - "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", - }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ProvisionIdmAccountNode", - "collection": true, - "name": "Provision IDM Account", - }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - }, + "authenticationModules": { + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Facebook-ProvisionIDMAccount", - "description": "null", - "enabled": true, - "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - }, - "displayName": "Facebook Social Authentication", - "nodeType": "SocialFacebookNode", - "x": 0, - "y": 0, - }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Provision IDM Account", - "nodeType": "ProvisionIdmAccountNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "authenticationLevel": 0, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/federation.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation", }, + "authenticationLevel": 0, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-AnonymousUser.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/hotp.authenticationModules.json 1`] = ` { + "authenticationModules": { + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP", + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + }, "meta": Any, - "trees": { - "Google-AnonymousUser": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "_id": "1ff1de77-4005-38da-93f4-2943881c655f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SetSuccessUrlNode", - "collection": true, - "name": "Success URL", - }, - "successUrl": "https://www.forgerock.com/", - }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", - }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AnonymousUserNode", - "collection": true, - "name": "Anonymous User Mapping", - }, - "anonymousUserName": "anonymous", - }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/ldap.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-AnonymousUser", - "description": "null", - "enabled": true, - "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Set Success URL", - "nodeType": "SetSuccessUrlNode", - "x": 0, - "y": 0, - }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", - }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, - }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "connections": { - "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", - }, - "displayName": "Map to Anonymous User", - "nodeType": "AnonymousUserNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAPS", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/oath.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": true, + "name": "OATH", }, + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-DynamicAccountCreation.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/sae.authenticationModules.json 1`] = ` { + "authenticationModules": { + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": true, + "name": "SAE", + }, + "authenticationLevel": 0, + }, + }, "meta": Any, - "trees": { - "Google-DynamicAccountCreation": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "ProvisionDynamicAccountNode", - "collection": true, - "name": "Provision Dynamic Account", + "type": "array", }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "CreatePasswordNode", - "collection": true, - "name": "Create Password", + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AND.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", }, - "minPasswordLength": 0, }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", + "type": "object", + }, + "logical": true, + "title": "AND", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", - }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + "type": "object", + }, + "logical": false, + "title": "AuthLevel", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", }, - "emailSubject": { - "en": "Your One Time Password", + "applicationName": { + "type": "string", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", - }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "_outcomes": [ - { - "displayName": "Retry", - "id": "Retry", - }, - { - "displayName": "Reject", - "id": "Reject", + "authScheme": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "RetryLimitDecisionNode", - "collection": true, - "name": "Retry Limit Decision", + "type": "array", }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", + "type": "object", + }, + "logical": false, + "title": "AuthScheme", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", }, - "length": 8, }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", + "type": "object", + }, + "logical": false, + "title": "AuthenticateToRealm", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", }, - "passwordExpiryTime": 5, }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-DynamicAccountCreation", - "description": "null", - "enabled": true, - "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Provision Dynamic Account", - "nodeType": "ProvisionDynamicAccountNode", - "x": 0, - "y": 0, - }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "connections": { - "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", - }, - "displayName": "Create Password", - "nodeType": "CreatePasswordNode", - "x": 0, - "y": 0, - }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", - }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, - }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "connections": { - "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", - }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 0, - "y": 0, - }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "connections": { - "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", - "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "logical": false, + "title": "AuthenticateToService", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv4.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, + "type": "array", }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "connections": { - "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", - }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 0, - "y": 0, + "endIp": { + "type": "string", }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "connections": { - "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", - }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 0, - "y": 0, + "startIp": { + "type": "string", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "IPv4", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/HmacOneTimePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv6.conditionTypes.json 1`] = ` { - "meta": Any, - "trees": { - "HmacOneTimePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "conditionTypes": { + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", + "type": "array", }, - "length": 8, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", + "endIp": { + "type": "string", }, - "passwordExpiryTime": 5, - }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + "startIp": { + "type": "string", }, }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + "type": "object", + }, + "logical": false, + "title": "IPv6", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", }, }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "_id": "98f13708-2101-34c4-b568-7be6106a3b84", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", - }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", - }, - "emailSubject": { - "en": "Your One Time Password", + "type": "object", + }, + "logical": false, + "title": "LDAPFilter", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", + "type": "object", + }, + "logical": false, + "title": "LEAuthLevel", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/NOT.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", }, }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "HmacOneTimePassword", - "description": "null", - "enabled": true, - "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "connections": { - "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", - }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 743.0625, - "y": 58.5, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 1109.09375, - "y": 35.859375, - }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 546.546875, - "y": 35.859375, - }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "connections": { - "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 353.9375, - "y": 58.5, - }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "connections": { - "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 920.625, - "y": 58.5, - }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "connections": { - "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "logical": true, + "title": "NOT", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 152, - "y": 58.5, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1326.34375, - "y": 92, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1326.34375, - "y": 25, - }, - "startNode": { - "x": 50, - "y": 58.5, + "type": "array", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "OAuth2Scope", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PersistentCookie.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OR.conditionTypes.json 1`] = ` { - "meta": Any, - "trees": { - "PersistentCookie": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", + "conditionTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", }, }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SetPersistentCookieNode", - "collection": true, - "name": "Set Persistent Cookie", + "type": "object", + }, + "logical": true, + "title": "OR", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Policy.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", }, - "hmacSigningKey": null, - "idleTimeout": 5, - "maxLife": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, - }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "PersistentCookieDecisionNode", - "collection": true, - "name": "Persistent Cookie Decision", + "properties": { + "type": "object", }, - "enforceClientIp": false, - "hmacSigningKey": null, - "idleTimeout": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + "type": "array", }, }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + "type": "object", + }, + "logical": false, + "title": "ResourceEnvIP", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Script.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", }, }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PersistentCookie", - "description": "null", - "enabled": true, - "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "connections": { - "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Set Persistent Cookie", - "nodeType": "SetPersistentCookieNode", - "x": 0, - "y": 0, - }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Persistent Cookie Decision", - "nodeType": "PersistentCookieDecisionNode", - "x": 0, - "y": 0, - }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "connections": { - "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, + "logical": false, + "title": "Script", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Session.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer", }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, + "terminateSession": { + "required": true, + "type": "boolean", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "Session", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformForgottenUsername.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` { - "meta": Any, - "trees": { - "PlatformForgottenUsername": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "d82c8d16-19ad-3176-9665-453cfb2e55f0": { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", + "conditionTypes": { + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, }, + "type": "object", }, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "InnerTreeEvaluatorNode", - "collection": true, - "name": "Inner Tree Evaluator", + "logical": false, + "title": "SessionProperty", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", }, - "tree": "PlatformLogin", - }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", + "endDay": { + "type": "string", }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + "endTime": { + "type": "string", }, - "emailTemplateName": "forgottenUsername", - "identityAttribute": "mail", - "objectLookup": true, - }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "_id": "a684ecee-e76f-3522-b732-86a895bc8436", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + "enforcementTimeZone": { + "type": "string", }, - "nodes": [ - { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": { - "en": "Enter your email address or Sign in", + "startDate": { + "type": "string", }, - "pageHeader": { - "en": "Forgotten Username", + "startDay": { + "type": "string", }, - "stage": "null", - }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", + "startTime": { + "type": "string", }, - "identityAttribute": "mail", }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformForgottenUsername", - "description": "Forgotten Username Tree", - "enabled": true, - "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, - }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "connections": { - "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "connections": { - "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "logical": false, + "title": "SimpleTime", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Transaction.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "connections": { - "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, + "strategySpecifier": { + "type": "string", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "Transaction", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformLogin.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` +{ + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Agent.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformLogin": { + "Agent": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "642e92ef-b794-3173-8881-b53e1e1b18b6": { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, - "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - }, + "innerNodes": {}, "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "_id": "2838023a-778d-3aec-9c21-2708f721b788", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", - }, - "identityAttribute": "userName", - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", "_outcomes": [ { "displayName": "True", @@ -383481,62 +396568,32 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "InnerTreeEvaluatorNode", + "_id": "AgentDataStoreDecisionNode", "collection": true, - "name": "Inner Tree Evaluator", + "name": "Agent Data Store Decision", }, - "tree": "PlatformProgressiveProfile", }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", "_outcomes": [ { - "displayName": "True", + "displayName": "Has Credentials", "id": "true", }, { - "displayName": "False", + "displayName": "No Credentials", "id": "false", }, ], "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", + "_id": "ZeroPageLoginNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "New here? Create an account
Forgot username? Forgot password?", - }, - "pageHeader": { - "en": "Sign In", + "name": "Zero Page Login Collector", }, - "stage": "null", + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", }, }, "saml2Entities": {}, @@ -383544,48 +396601,30 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformLogin", - "description": "Platform Login Tree", + "_id": "Agent", + "description": "null", "enabled": true, - "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "connections": { - "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", - }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { "connections": { "false": "e301438c-0bd0-429c-ab0c-66126501069a", "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", "x": 0, "y": 0, }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { "connections": { "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "2838023a-778d-3aec-9c21-2708f721b788", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "connections": { - "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", "x": 0, "y": 0, }, @@ -383597,16 +396636,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformProgressiveProfile.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Example.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformProgressiveProfile": { + "Example": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", "_outcomes": [ { "displayName": "Outcome", @@ -383614,22 +396654,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AttributeCollectorNode", + "_id": "PasswordCollectorNode", "collection": true, - "name": "Attribute Collector", + "name": "Password Collector", }, - "attributesToCollect": [ - "preferences/updates", - "preferences/marketing", - ], - "identityAttribute": "userName", - "required": false, - "validateInputs": false, }, - }, - "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { - "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", "_outcomes": [ { "displayName": "True", @@ -383641,15 +396672,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "QueryFilterDecisionNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Query Filter Decision", + "name": "Data Store Decision", }, - "identityAttribute": "userName", - "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { - "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", "_outcomes": [ { "displayName": "Outcome", @@ -383657,65 +396686,32 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": {}, - "pageHeader": { - "en": "Please select your preferences", + "name": "Username Collector", }, - "stage": "null", }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { - "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", "_outcomes": [ { - "displayName": "True", + "displayName": "Has Credentials", "id": "true", }, { - "displayName": "False", + "displayName": "No Credentials", "id": "false", }, ], "_type": { - "_id": "LoginCountDecisionNode", - "collection": true, - "name": "Login Count Decision", - }, - "amount": 3, - "identityAttribute": "userName", - "interval": "AT", - }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { - "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", + "_id": "ZeroPageLoginNode", "collection": true, - "name": "Patch Object", + "name": "Zero Page Login Collector", }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", }, }, "saml2Entities": {}, @@ -383723,49 +396719,48 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformProgressiveProfile", - "description": "Prompt for missing preferences on 3rd login", + "_id": "Example", + "description": "null", "enabled": true, - "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", }, - "displayName": "Query Filter Decision", - "nodeType": "QueryFilterDecisionNode", + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", "x": 0, "y": 0, }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { "connections": { - "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", "x": 0, "y": 0, }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", }, - "displayName": "Login Count Decision", - "nodeType": "LoginCountDecisionNode", + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", "x": 0, "y": 0, }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", "x": 0, "y": 0, }, @@ -383777,140 +396772,62 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformRegistration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformRegistration": { + "Facebook-ProvisionIDMAccount": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "givenName", - "sn", - "mail", - "preferences/marketing", - "preferences/updates", - ], - "identityAttribute": "userName", - "required": true, - "validateInputs": true, - }, - "1c383cd3-0b7c-398a-b502-93adfecb7b18": { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AcceptTermsAndConditionsNode", - "collection": true, - "name": "Accept Terms and Conditions", - }, - }, - "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", }, - ], - "_type": { - "_id": "KbaCreateNode", - "collection": true, - "name": "KBA Definition", - }, - "allowUserDefinedQuestions": true, - "message": { - "en": "Select a security question", - }, - }, - "e369853d-f766-3a44-a1ed-0ff613f563bd": { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "No account exists", + "id": "NO_ACCOUNT", }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "SocialFacebookNode", "collection": true, - "name": "Platform Username", + "name": "Social Facebook", }, - "usernameAttribute": "userName", - "validateInput": true, - }, - }, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", }, - "identityAttribute": "userName", - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", - "_outcomes": [ - { - "displayName": "Created", - "id": "CREATED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", ], - "_type": { - "_id": "CreateObjectNode", - "collection": true, - "name": "Create Object", + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", }, - "identityResource": "managed/user", + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", "_outcomes": [ { "displayName": "Outcome", @@ -383918,44 +396835,11 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", + "_id": "ProvisionIdmAccountNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "displayName": "KBA Definition", - "nodeType": "KbaCreateNode", - }, - { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "displayName": "Accept Terms and Conditions", - "nodeType": "AcceptTermsAndConditionsNode", - }, - ], - "pageDescription": { - "en": "Signing up is fast and easy.
Already have an account?Sign In", - }, - "pageHeader": { - "en": "Sign Up", + "name": "Provision IDM Account", }, - "stage": "null", + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", }, }, "saml2Entities": {}, @@ -383963,38 +396847,29 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformRegistration", - "description": "Platform Registration Tree", + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", "enabled": true, - "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { "connections": { - "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", }, - "displayName": "Create Object", - "nodeType": "CreateObjectNode", + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", "x": 0, "y": 0, }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { "connections": { - "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", "x": 0, "y": 0, }, @@ -384006,54 +396881,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformResetPassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-AnonymousUser.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformResetPassword": { + "Google-AnonymousUser": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "44f683a8-4163-3352-bafe-57c2e008bc8c": { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - "66f041e1-6a60-328b-85a7-e228a89c3799": { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, - }, - }, + "innerNodes": {}, "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", "_outcomes": [ { "displayName": "Outcome", @@ -384061,75 +396899,59 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", + "_id": "SetSuccessUrlNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Change password", - }, - "pageHeader": { - "en": "Reset Password", + "name": "Success URL", }, - "stage": "null", + "successUrl": "https://www.forgerock.com/", }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", }, { - "displayName": "False", - "id": "false", + "displayName": "No account exists", + "id": "NO_ACCOUNT", }, ], "_type": { - "_id": "IdentifyExistingUserNode", + "_id": "SocialGoogleNode", "collection": true, - "name": "Identify Existing User", + "name": "Social Google", }, - "identifier": "userName", - "identityAttribute": "mail", - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", }, - "nodes": [ - { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Reset Password", + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", }, - "stage": "null", + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", "_outcomes": [ { "displayName": "Outcome", @@ -384137,39 +396959,11 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", - }, - "emailTemplateName": "resetPassword", - "identityAttribute": "mail", - "objectLookup": true, - }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", + "_id": "AnonymousUserNode", "collection": true, - "name": "Patch Object", + "name": "Anonymous User Mapping", }, - "identityAttribute": "mail", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, + "anonymousUserName": "anonymous", }, }, "saml2Entities": {}, @@ -384177,57 +396971,38 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformResetPassword", - "description": "Reset Password Tree", + "_id": "Google-AnonymousUser", + "description": "null", "enabled": true, - "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "connections": { - "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "connections": { - "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "1ff1de77-4005-38da-93f4-2943881c655f": { "connections": { - "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", "x": 0, "y": 0, }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "4e732ced-3463-306d-a0ca-9a15b6153677": { "connections": { - "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", "x": 0, "y": 0, }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", "x": 0, "y": 0, }, @@ -384239,16 +397014,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformUpdatePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-DynamicAccountCreation.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformUpdatePassword": { + "Google-DynamicAccountCreation": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "735b90b4-5681-35ed-ac3f-678819b6e058": { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", "_outcomes": [ { "displayName": "Outcome", @@ -384256,15 +397032,14 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedPasswordNode", + "_id": "ProvisionDynamicAccountNode", "collection": true, - "name": "Platform Password", + "name": "Provision Dynamic Account", }, - "passwordAttribute": "password", - "validateInput": false, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", }, - "7cbbc409-ec99-3f19-878c-75bd1e06f215": { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", "_outcomes": [ { "displayName": "Outcome", @@ -384272,128 +397047,107 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedPasswordNode", + "_id": "CreatePasswordNode", "collection": true, - "name": "Platform Password", + "name": "Create Password", }, - "passwordAttribute": "password", - "validateInput": true, + "minPasswordLength": 0, }, - }, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", }, { - "displayName": "False", - "id": "false", + "displayName": "No account exists", + "id": "NO_ACCOUNT", }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "SocialGoogleNode", "collection": true, - "name": "Data Store Decision", + "name": "Social Google", }, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "AttributePresentDecisionNode", - "collection": true, - "name": "Attribute Present Decision", + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", }, - "identityAttribute": "userName", - "presentAttribute": "password", - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", }, - "emailTemplateName": "updatePassword", - "identityAttribute": "userName", - "objectLookup": true, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", "_outcomes": [ { "displayName": "Outcome", "id": "outcome", }, ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter current password", + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", }, - "pageHeader": { - "en": "Verify Existing Password", + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", }, - "stage": "null", + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", "_outcomes": [ { - "displayName": "Patched", - "id": "PATCHED", + "displayName": "Retry", + "id": "Retry", }, { - "displayName": "Failed", - "id": "FAILURE", + "displayName": "Reject", + "id": "Reject", }, ], "_type": { - "_id": "PatchObjectNode", + "_id": "RetryLimitDecisionNode", "collection": true, - "name": "Patch Object", + "name": "Retry Limit Decision", }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [ - "userName", - ], - "patchAsObject": true, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", "_outcomes": [ { "displayName": "Outcome", @@ -384401,40 +397155,30 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", + "_id": "OneTimePasswordGeneratorNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter new password", - }, - "pageHeader": { - "en": "Update Password", + "name": "HOTP Generator", }, - "stage": "null", + "length": 8, }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "SessionDataNode", + "_id": "OneTimePasswordCollectorDecisionNode", "collection": true, - "name": "Get Session Data", + "name": "OTP Collector Decision", }, - "sessionDataKey": "UserToken", - "sharedStateKey": "userName", + "passwordExpiryTime": 5, }, }, "saml2Entities": {}, @@ -384442,76 +397186,76 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformUpdatePassword", - "description": "Update password using active session", + "_id": "Google-DynamicAccountCreation", + "description": "null", "enabled": true, - "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", + "displayName": "Provision Dynamic Account", + "nodeType": "ProvisionDynamicAccountNode", "x": 0, "y": 0, }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { "connections": { - "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", }, - "displayName": "Attribute Present Decision", - "nodeType": "AttributePresentDecisionNode", + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", "x": 0, "y": 0, }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "33e75ff0-9dd6-31bb-a69f-351039152189": { "connections": { - "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", "x": 0, "y": 0, }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "34173cb3-8f07-389d-9beb-c2ac9128303f": { "connections": { - "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", "x": 0, "y": 0, }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", "x": 0, "y": 0, }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { "connections": { - "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", "x": 0, "y": 0, }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "c16a5320-fa47-3530-9958-3c34fd356ef5": { "connections": { - "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", }, - "displayName": "Get Session Data", - "nodeType": "SessionDataNode", + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", "x": 0, "y": 0, }, @@ -384523,17 +397267,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/RetryLimit.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/HmacOneTimePassword.journey.json 1`] = ` { "meta": Any, "trees": { - "RetryLimit": { + "HmacOneTimePassword": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": {}, "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", "_outcomes": [ { "displayName": "Outcome", @@ -384541,33 +397285,51 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "UsernameCollectorNode", + "_id": "OneTimePasswordGeneratorNode", "collection": true, - "name": "Username Collector", + "name": "HOTP Generator", }, + "length": 8, }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", "_outcomes": [ { - "displayName": "Retry", - "id": "Retry", + "displayName": "True", + "id": "true", }, { - "displayName": "Reject", - "id": "Reject", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "RetryLimitDecisionNode", + "_id": "OneTimePasswordCollectorDecisionNode", "collection": true, - "name": "Retry Limit Decision", + "name": "OTP Collector Decision", }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, + "passwordExpiryTime": 5, }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", "_outcomes": [ { "displayName": "Outcome", @@ -384580,26 +397342,36 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "name": "Password Collector", }, }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", "_outcomes": [ { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "OneTimePasswordSmtpSenderNode", "collection": true, - "name": "Data Store Decision", + "name": "OTP Email Sender", }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", "_outcomes": [ { "displayName": "Outcome", @@ -384607,11 +397379,10 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AccountLockoutNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "Account Lockout", + "name": "Username Collector", }, - "lockAction": "LOCK", }, }, "saml2Entities": {}, @@ -384619,57 +397390,66 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "RetryLimit", + "_id": "HmacOneTimePassword", "description": "null", "enabled": true, - "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { "connections": { - "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", "x": 0, "y": 0, }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { "connections": { - "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", - "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", "x": 0, "y": 0, }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { "connections": { - "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", }, "displayName": "Password Collector", "nodeType": "PasswordCollectorNode", "x": 0, "y": 0, }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "98f13708-2101-34c4-b568-7be6106a3b84": { "connections": { - "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", "x": 0, "y": 0, }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { "connections": { - "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", }, - "displayName": "Account Lockout", - "nodeType": "AccountLockoutNode", + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", "x": 0, "y": 0, }, @@ -384681,16 +397461,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/oath_registration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PersistentCookie.journey.json 1`] = ` { "meta": Any, "trees": { - "oath_registration": { + "PersistentCookie": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c": { - "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", "_outcomes": [ { "displayName": "Outcome", @@ -384698,15 +397479,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "Platform Username", + "name": "Username Collector", }, - "usernameAttribute": "userName", - "validateInput": false, }, - "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f": { - "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", "_outcomes": [ { "displayName": "Outcome", @@ -384714,17 +397493,19 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedPasswordNode", + "_id": "SetPersistentCookieNode", "collection": true, - "name": "Platform Password", + "name": "Set Persistent Cookie", }, - "passwordAttribute": "password", - "validateInput": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, }, - }, - "nodes": { - "35ca2418-908d-4b92-9320-ef8576851abb": { - "_id": "35ca2418-908d-4b92-9320-ef8576851abb", + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", "_outcomes": [ { "displayName": "True", @@ -384736,98 +397517,48 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "PersistentCookieDecisionNode", "collection": true, - "name": "Data Store Decision", + "name": "Persistent Cookie Decision", }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, }, - "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { - "_id": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", "_outcomes": [ { - "displayName": "Success", - "id": "successOutcome", - }, - { - "displayName": "Failure", - "id": "failureOutcome", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "OathRegistrationNode", + "_id": "PasswordCollectorNode", "collection": true, - "name": "OATH Registration", + "name": "Password Collector", }, - "accountName": "USERNAME", - "addChecksum": false, - "algorithm": "TOTP", - "bgColor": "032b75", - "generateRecoveryCodes": true, - "issuer": "ForgeRock", - "minSharedSecretLength": 32, - "passwordLength": "SIX_DIGITS", - "postponeDeviceProfileStorage": false, - "scanQRCodeMessage": {}, - "totpHashAlgorithm": "HMAC_SHA1", - "totpTimeInterval": 30, - "truncationOffset": -1, }, - "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { - "_id": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", "_outcomes": [ { - "displayName": "Success", - "id": "successOutcome", - }, - { - "displayName": "Failure", - "id": "failureOutcome", - }, - { - "displayName": "Not registered", - "id": "notRegisteredOutcome", + "displayName": "True", + "id": "true", }, - ], - "_type": { - "_id": "OathTokenVerifierNode", - "collection": true, - "name": "OATH Token Verifier", - }, - "algorithm": "TOTP", - "hotpWindowSize": 100, - "isRecoveryCodeAllowed": false, - "maximumAllowedClockDrift": 5, - "totpHashAlgorithm": "HMAC_SHA1", - "totpTimeInterval": 30, - "totpTimeSteps": 2, - }, - "fc5481db-cbee-479f-915a-2b40c54ce04e": { - "_id": "fc5481db-cbee-479f-915a-2b40c54ce04e", - "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "PageNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Page Node", + "name": "Data Store Decision", }, - "nodes": [ - { - "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": {}, - "pageHeader": {}, }, }, "saml2Entities": {}, @@ -384835,64 +397566,59 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "oath_registration", + "_id": "PersistentCookie", + "description": "null", "enabled": true, - "entryNodeId": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", "innerTreeOnly": false, "nodes": { - "35ca2418-908d-4b92-9320-ef8576851abb": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 416, - "y": 161, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, }, - "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { "connections": { - "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", - "successOutcome": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "OATH Registration", - "nodeType": "OathRegistrationNode", - "x": 717, - "y": 290, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + "x": 0, + "y": 0, }, - "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "aab32389-22bc-325a-af60-6eb525ffdc56": { "connections": { - "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", - "notRegisteredOutcome": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", - "successOutcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "OATH Token Verifier", - "nodeType": "OathTokenVerifierNode", - "x": 689, - "y": 102, + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", + "x": 0, + "y": 0, }, - "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { "connections": { - "outcome": "35ca2418-908d-4b92-9320-ef8576851abb", + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 202, - "y": 139, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1103, - "y": 47, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1100, - "y": 240, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, }, - "startNode": { - "x": 50, - "y": 25, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, }, }, "uiConfig": {}, @@ -384902,16 +397628,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/push_registration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformForgottenUsername.journey.json 1`] = ` { "meta": Any, "trees": { - "push_registration": { + "PlatformForgottenUsername": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": { - "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9": { - "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", "_outcomes": [ { "displayName": "Outcome", @@ -384919,61 +397645,21 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "AttributeCollectorNode", "collection": true, - "name": "Platform Username", + "name": "Attribute Collector", }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "7ab18633-6eb0-455d-97ff-40ff7db4862a": { - "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, + "attributesToCollect": [ + "mail", ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, + "identityAttribute": "mail", + "required": true, + "validateInputs": false, }, }, "nodes": { - "07bc635b-5a3f-461b-87ee-e76c9fa22738": { - "_id": "07bc635b-5a3f-461b-87ee-e76c9fa22738", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": {}, - "pageHeader": {}, - }, - "0e161d10-c2d1-4196-8b41-59f80be4a587": { - "_id": "0e161d10-c2d1-4196-8b41-59f80be4a587", + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", "_outcomes": [ { "displayName": "True", @@ -384985,115 +397671,79 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "InnerTreeEvaluatorNode", "collection": true, - "name": "Data Store Decision", + "name": "Inner Tree Evaluator", }, + "tree": "PlatformLogin", }, - "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { - "_id": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", "_outcomes": [ { - "displayName": "Sent", - "id": "SENT", - }, - { - "displayName": "Not Registered", - "id": "NOT_REGISTERED", - }, - { - "displayName": "Skipped", - "id": "SKIPPED", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "PushAuthenticationSenderNode", + "_id": "EmailSuspendNode", "collection": true, - "name": "Push Sender", + "name": "Email Suspend Node", }, - "captureFailure": false, - "contextInfo": false, - "customPayload": [], - "mandatory": false, - "messageTimeout": 120000, - "pushType": "DEFAULT", - "userMessage": {}, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, }, - "527e6b31-01db-409c-8f52-01a5b7f48737": { - "_id": "527e6b31-01db-409c-8f52-01a5b7f48737", + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", "_outcomes": [ { - "displayName": "Success", - "id": "TRUE", - }, - { - "displayName": "Failure", - "id": "FALSE", - }, - { - "displayName": "Expired", - "id": "EXPIRED", - }, - { - "displayName": "Waiting", - "id": "WAITING", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "PushResultVerifierNode", + "_id": "PageNode", "collection": true, - "name": "Push Result Verifier Node", + "name": "Page Node", }, - }, - "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { - "_id": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", - "_outcomes": [ - { - "displayName": "Success", - "id": "successOutcome", - }, - { - "displayName": "Failure", - "id": "failureOutcome", - }, + "nodes": [ { - "displayName": "Time Out", - "id": "timeoutOutcome", + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", }, ], - "_type": { - "_id": "PushRegistrationNode", - "collection": true, - "name": "Push Registration", + "pageDescription": { + "en": "Enter your email address or Sign in", }, - "accountName": "USERNAME", - "bgColor": "032b75", - "generateRecoveryCodes": true, - "issuer": "ForgeRock", - "scanQRCodeMessage": {}, - "timeout": 60, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", }, - "ccb48486-0d8e-475d-a002-29d0bfa1177a": { - "_id": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", "_outcomes": [ { - "displayName": "Done", - "id": "DONE", + "displayName": "True", + "id": "true", }, { - "displayName": "Exit", - "id": "EXITED", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "PushWaitNode", + "_id": "IdentifyExistingUserNode", "collection": true, - "name": "Push Wait Node", + "name": "Identify Existing User", }, - "challengeMessage": {}, - "exitMessage": {}, - "secondsToWait": 5, - "waitingMessage": {}, + "identityAttribute": "mail", }, }, "saml2Entities": {}, @@ -385101,84 +397751,50 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "push_registration", + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", "enabled": true, - "entryNodeId": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", "innerTreeOnly": false, "nodes": { - "07bc635b-5a3f-461b-87ee-e76c9fa22738": { - "connections": {}, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 180, - "y": 133, - }, - "0e161d10-c2d1-4196-8b41-59f80be4a587": { - "connections": { - "true": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 406, - "y": 126, - }, - "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { "connections": { - "NOT_REGISTERED": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", - "SENT": "ccb48486-0d8e-475d-a002-29d0bfa1177a", - "SKIPPED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Push Sender", - "nodeType": "PushAuthenticationSenderNode", - "x": 647, - "y": 79, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, }, - "527e6b31-01db-409c-8f52-01a5b7f48737": { + "9f61408e-3afb-333e-90cd-f1b20de6f466": { "connections": { - "EXPIRED": "e301438c-0bd0-429c-ab0c-66126501069a", - "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", - "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "WAITING": "e301438c-0bd0-429c-ab0c-66126501069a", + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", }, - "displayName": "Push Result Verifier Node", - "nodeType": "PushResultVerifierNode", - "x": 1016, - "y": 122, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, }, - "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "a684ecee-e76f-3522-b732-86a895bc8436": { "connections": { - "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", - "successOutcome": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", - "timeoutOutcome": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", }, - "displayName": "Push Registration", - "nodeType": "PushRegistrationNode", - "x": 639, - "y": 299, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, }, - "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { "connections": { - "DONE": "527e6b31-01db-409c-8f52-01a5b7f48737", - "EXITED": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", }, - "displayName": "Push Wait Node", - "nodeType": "PushWaitNode", - "x": 823, - "y": 126, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1245, - "y": 35, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1292, - "y": 172, - }, - "startNode": { - "x": 57, - "y": 22, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, }, }, "uiConfig": {}, @@ -385188,17 +397804,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/six.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformLogin.journey.json 1`] = ` { "meta": Any, "trees": { - "six": { + "PlatformLogin": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "295a70ba-2b67-4a48-bf13-237ce0a55450": { - "_id": "295a70ba-2b67-4a48-bf13-237ce0a55450", + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", "_outcomes": [ { "displayName": "Outcome", @@ -385206,15 +397821,15 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "ValidatedPasswordNode", "collection": true, - "name": "Platform Username", + "name": "Platform Password", }, - "usernameAttribute": "userName", + "passwordAttribute": "password", "validateInput": false, }, - "4a77788d-d443-4646-ac52-5cb9f2207a8a": { - "_id": "4a77788d-d443-4646-ac52-5cb9f2207a8a", + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", "_outcomes": [ { "displayName": "Outcome", @@ -385229,8 +397844,10 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "usernameAttribute": "userName", "validateInput": false, }, - "5883ff1e-80dd-49f5-a609-120303e1b0cd": { - "_id": "5883ff1e-80dd-49f5-a609-120303e1b0cd", + }, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", "_outcomes": [ { "displayName": "Outcome", @@ -385238,47 +397855,51 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "IncrementLoginCountNode", "collection": true, - "name": "Platform Username", + "name": "Increment Login Count", }, - "usernameAttribute": "userName", - "validateInput": false, + "identityAttribute": "userName", }, - "59129227-f192-4ff4-a7b4-bc7690b82d4f": { - "_id": "59129227-f192-4ff4-a7b4-bc7690b82d4f", + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "InnerTreeEvaluatorNode", "collection": true, - "name": "Platform Username", + "name": "Inner Tree Evaluator", }, - "usernameAttribute": "userName", - "validateInput": false, + "tree": "PlatformProgressiveProfile", }, - "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { - "_id": "6a1aa88f-25f8-4d40-8008-bfc6684b2a58", + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Platform Username", + "name": "Data Store Decision", }, - "usernameAttribute": "userName", - "validateInput": false, }, - "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { - "_id": "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5", + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", "_outcomes": [ { "displayName": "Outcome", @@ -385286,119 +397907,80 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "PageNode", "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "six", - "enabled": true, - "entryNodeId": "e301438c-0bd0-429c-ab0c-66126501069a", - "innerTreeOnly": false, - "nodes": { - "295a70ba-2b67-4a48-bf13-237ce0a55450": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 488, - "y": 57.890625, - }, - "4a77788d-d443-4646-ac52-5cb9f2207a8a": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 494, - "y": 458.890625, - }, - "5883ff1e-80dd-49f5-a609-120303e1b0cd": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 446, - "y": 298.890625, - }, - "59129227-f192-4ff4-a7b4-bc7690b82d4f": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 482, - "y": 220.890625, - }, - "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 461, - "y": 369.890625, - }, - "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 499, - "y": 139.890625, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 50, - "y": 117, + "name": "Page Node", }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 152, - "y": 25, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", }, - "startNode": { - "x": 50, - "y": 25, + "pageHeader": { + "en": "Sign In", }, + "stage": "null", }, - "uiConfig": {}, }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/test.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "test": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": {}, "saml2Entities": {}, "scripts": {}, "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "test", + "_id": "PlatformLogin", + "description": "Platform Login Tree", "enabled": true, - "entryNodeId": "d26176be-ea6f-4f2a-81cd-3d41dd6cee4d", + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", "innerTreeOnly": false, - "nodes": {}, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 50, - "y": 117, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 152, - "y": 25, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, }, - "startNode": { - "x": 50, - "y": 25, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, }, }, "uiConfig": {}, @@ -385408,16 +397990,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/webauthn_registration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformProgressiveProfile.journey.json 1`] = ` { "meta": Any, "trees": { - "webauthn_registration": { + "PlatformProgressiveProfile": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": { - "08faa9c0-7c19-454a-a4e1-0692d94615f6": { - "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", "_outcomes": [ { "displayName": "Outcome", @@ -385425,78 +398007,42 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "AttributeCollectorNode", "collection": true, - "name": "Platform Username", + "name": "Attribute Collector", }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "3334a349-b2ea-42e0-86b8-9f6c39d43dad": { - "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, + "identityAttribute": "userName", + "required": false, + "validateInputs": false, }, }, "nodes": { - "72ef6e1d-930c-4bed-922a-850815d98ea1": { - "_id": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", "_outcomes": [ { - "displayName": "Unsupported", - "id": "unsupported", - }, - { - "displayName": "Success", - "id": "success", - }, - { - "displayName": "Failure", - "id": "failure", + "displayName": "True", + "id": "true", }, { - "displayName": "Client Error", - "id": "error", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "WebAuthnRegistrationNode", + "_id": "QueryFilterDecisionNode", "collection": true, - "name": "WebAuthn Registration Node", + "name": "Query Filter Decision", }, - "acceptedSigningAlgorithms": [ - "ES256", - "RS256", - ], - "asScript": true, - "attestationPreference": "NONE", - "authenticatorAttachment": "UNSPECIFIED", - "enforceRevocationCheck": false, - "excludeCredentials": false, - "generateRecoveryCodes": true, - "maxSavedDevices": 0, - "origins": [], - "postponeDeviceProfileStorage": false, - "relyingPartyName": "ForgeRock", - "requiresResidentKey": false, - "storeAttestationDataInTransientState": false, - "timeout": 60, - "trustStoreAlias": "trustalias", - "userVerificationRequirement": "PREFERRED", + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", }, - "807106ff-fb66-469e-93bb-4e0834f6c875": { - "_id": "807106ff-fb66-469e-93bb-4e0834f6c875", + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", "_outcomes": [ { "displayName": "Outcome", @@ -385510,21 +398056,19 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, "nodes": [ { - "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", }, ], "pageDescription": {}, - "pageHeader": {}, + "pageHeader": { + "en": "Please select your preferences", + }, + "stage": "null", }, - "878eb28e-41b2-4bd7-9256-80ed427bd168": { - "_id": "878eb28e-41b2-4bd7-9256-80ed427bd168", + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", "_outcomes": [ { "displayName": "True", @@ -385536,46 +398080,35 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "LoginCountDecisionNode", "collection": true, - "name": "Data Store Decision", + "name": "Login Count Decision", }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", }, - "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { - "_id": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", "_outcomes": [ { - "displayName": "Unsupported", - "id": "unsupported", - }, - { - "displayName": "No Device Registered", - "id": "noDevice", - }, - { - "displayName": "Success", - "id": "success", - }, - { - "displayName": "Failure", - "id": "failure", + "displayName": "Patched", + "id": "PATCHED", }, { - "displayName": "Client Error", - "id": "error", + "displayName": "Failed", + "id": "FAILURE", }, ], "_type": { - "_id": "WebAuthnAuthenticationNode", + "_id": "PatchObjectNode", "collection": true, - "name": "WebAuthn Authentication Node", + "name": "Patch Object", }, - "asScript": true, - "isRecoveryCodeAllowed": false, - "origins": [], - "requiresResidentKey": false, - "timeout": 60, - "userVerificationRequirement": "PREFERRED", + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, }, }, "saml2Entities": {}, @@ -385583,68 +398116,51 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "webauthn_registration", + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", "enabled": true, - "entryNodeId": "807106ff-fb66-469e-93bb-4e0834f6c875", + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", "innerTreeOnly": false, "nodes": { - "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { "connections": { - "error": "e301438c-0bd0-429c-ab0c-66126501069a", - "failure": "e301438c-0bd0-429c-ab0c-66126501069a", - "success": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", - "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", }, - "displayName": "WebAuthn Registration Node", - "nodeType": "WebAuthnRegistrationNode", - "x": 629, - "y": 266, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + "x": 0, + "y": 0, }, - "807106ff-fb66-469e-93bb-4e0834f6c875": { + "6c8349cc-7260-3e62-a3b1-396831a8398f": { "connections": { - "outcome": "878eb28e-41b2-4bd7-9256-80ed427bd168", + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", }, "displayName": "Page Node", "nodeType": "PageNode", - "x": 192, - "y": 156, + "x": 0, + "y": 0, }, - "878eb28e-41b2-4bd7-9256-80ed427bd168": { + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 396, - "y": 157, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + "x": 0, + "y": 0, }, - "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { "connections": { - "error": "e301438c-0bd0-429c-ab0c-66126501069a", - "failure": "e301438c-0bd0-429c-ab0c-66126501069a", - "noDevice": "72ef6e1d-930c-4bed-922a-850815d98ea1", - "success": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "WebAuthn Authentication Node", - "nodeType": "WebAuthnAuthenticationNode", - "x": 608, - "y": 24, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1200, - "y": 34, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1206, - "y": 135, - }, - "startNode": { - "x": 76, - "y": 98, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, }, }, "uiConfig": {}, @@ -385654,1685 +398170,1023 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/oauth2.app/test-client.oauth2.app.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformRegistration.journey.json 1`] = ` { - "application": { - "test client": { - "_id": "test client", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": false, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:token-exchange", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "changeme", - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "[Empty]", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - ], - "supportedScopes": [], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": false, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", + "meta": Any, + "trees": { + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, + "identityAttribute": "userName", + "required": true, + "validateInputs": true, }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, }, - "consent": { - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": false, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", - }, - }, - "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", - }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], - "grantTypes": [ - "authorization_code", - ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], - "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", - ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, - }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [], - "secretLabelIdentifier": null, - "status": "Active", - }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], - }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], - }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", - "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, - "usePolicyEngineForScope": false, - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", - }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policy/Test-Policy.policy.json 1`] = ` -{ - "meta": Any, - "policy": { - "Test Policy": { - "_id": "Test Policy", - "actionValues": {}, - "active": true, - "applicationName": "iPlanetAMWebAgentService", - "createdBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": "2024-06-27T17:07:04.220Z", - "description": "", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": "2024-10-09T21:36:26.771Z", - "name": "Test Policy", - "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - "resources": [ - "*://*:*/*?*", - ], - "subject": { - "subjects": [ - { - "type": "NONE", + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", }, - { - "subjectValues": [ - "id=phales,ou=user,dc=openam,dc=forgerock,dc=org", - ], - "type": "Identity", + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", }, - ], - "type": "AND", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/iPlanetAMWebAgentService.policyset.json 1`] = ` -{ - "meta": Any, - "policyset": { - "iPlanetAMWebAgentService": { - "applicationType": "iPlanetAMWebAgentService", - "attributeNames": [], - "conditions": [ - "AND", - "OR", - "NOT", - "AMIdentityMembership", - "AuthLevel", - "LEAuthLevel", - "AuthScheme", - "AuthenticateToRealm", - "AuthenticateToService", - "IPv4", - "IPv6", - "LDAPFilter", - "OAuth2Scope", - "ResourceEnvIP", - "Session", - "SessionProperty", - "SimpleTime", - "Script", - "Transaction", - ], - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1718897366825, - "description": "The built-in Application used by OpenAM Policy Agents.", - "displayName": "Default Policy Set", - "editable": true, - "entitlementCombiner": "DenyOverride", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786744, - "name": "iPlanetAMWebAgentService", - "resourceComparator": null, - "resourceTypeUuids": [ - "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - ], - "saveIndex": null, - "searchIndex": null, - "subjects": [ - "AND", - "OR", - "NOT", - "AuthenticatedUsers", - "Identity", - "JwtClaim", - "NONE", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/oauth2Scopes.policyset.json 1`] = ` -{ - "meta": Any, - "policyset": { - "oauth2Scopes": { - "applicationType": "iPlanetAMWebAgentService", - "attributeNames": [], - "conditions": [ - "AND", - "OR", - "NOT", - "AMIdentityMembership", - "AuthLevel", - "LEAuthLevel", - "AuthScheme", - "AuthenticateToRealm", - "AuthenticateToService", - "IPv4", - "IPv6", - "LDAPFilter", - "OAuth2Scope", - "ResourceEnvIP", - "Session", - "SessionProperty", - "SimpleTime", - "Script", - "Transaction", - ], - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1718897366918, - "description": "The built-in Application used by the OAuth2 scope authorization process.", - "displayName": "Default OAuth2 Scopes Policy Set", - "editable": true, - "entitlementCombiner": "DenyOverride", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786761, - "name": "oauth2Scopes", - "resourceComparator": null, - "resourceTypeUuids": [ - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - ], - "saveIndex": null, - "searchIndex": null, - "subjects": [ - "AND", - "OR", - "NOT", - "AuthenticatedUsers", - "Identity", - "JwtClaim", - "NONE", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { - "actions": { - "GRANT": true, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, }, - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1517161800564, - "description": "The built-in OAuth2 Scope Resource Type for OAuth2 policy-provided scope.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786611, - "name": "OAuth2 Scope", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - "*", - ], - "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/URL.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + "x": 0, + "y": 0, + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1422892465848, - "description": "The built-in URL Resource Type available to OpenAM Policies.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786629, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/saml/Test-Entity.saml.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformResetPassword.journey.json 1`] = ` { "meta": Any, - "saml": { - "cot": {}, - "hosted": { - "VGVzdCBFbnRpdHk": { - "_id": "VGVzdCBFbnRpdHk", - "entityId": "Test Entity", - "identityProvider": { - "advanced": { - "ecpConfiguration": { - "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", - }, - "idpAdapter": { - "idpAdapterScript": "[Empty]", + "trees": { + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "idpFinderImplementation": {}, - "relayStateUrlList": {}, - "saeConfiguration": { - "idpUrl": "http://localhost:8080/am/idpsaehandler/metaAlias/test", + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "sessionSynchronization": {}, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", }, - "assertionContent": { - "assertionCache": {}, - "assertionTime": { - "effectiveTime": 600, - "notBeforeTimeSkew": 600, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "authenticationContext": { - "authContextItems": [ - { - "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", - "level": 0, - }, - ], - "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", }, - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - ], - "nameIdValueMap": [ - { - "binary": false, - "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "value": "mail", - }, - ], + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, + { + "displayName": "False", + "id": "false", }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", }, - "assertionProcessing": { - "accountMapper": { - "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", - }, - "attributeMapper": { - "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", - "attributeMapperScript": "[Empty]", + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "localConfiguration": {}, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, - "services": { - "assertionIdRequest": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/AIDReqSoap/IDPRole/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", - "location": "http://localhost:8080/am/AIDReqUri/IDPRole/metaAlias/test", - }, - ], - "metaAlias": "/test", - "nameIdMapping": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/NIMSoap/metaAlias/test", - }, - ], - "serviceAttributes": { - "artifactResolutionService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/ArtifactResolver/metaAlias/test", - }, - ], - "nameIdService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/IDPMniSoap/metaAlias/test", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/IDPSloSoap/metaAlias/test", - }, - ], - "singleSignOnService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/SSORedirect/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/SSOPOST/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/SSOSoap/metaAlias/test", - }, - ], + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", }, + "stage": "null", }, - "serviceProvider": { - "advanced": { - "ecpConfiguration": { - "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", - }, - "idpProxy": {}, - "relayStateUrlList": {}, - "saeConfiguration": { - "spUrl": "http://localhost:8080/am/spsaehandler/metaAlias/test2", + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", }, - "assertionContent": { - "assertionTimeSkew": 300, - "authenticationContext": { - "authContextItems": [ - { - "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", - "defaultItem": true, - "level": 0, - }, - ], - "authenticationComparisonType": "Exact", - "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", - "includeRequestedAuthenticationContext": true, - }, - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - ], + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, + { + "displayName": "Failed", + "id": "FAILURE", }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", }, - "assertionProcessing": { - "accountMapping": { - "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", }, - "adapter": { - "spAdapterScript": "[Empty]", + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", }, - "attributeMapper": { - "attributeMap": [ - { - "key": "*", - "value": "*", - }, - ], - "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", }, - "autoFederation": {}, - "responseArtifactMessageEncoding": { - "encoding": "URI", + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", }, - "url": {}, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, }, - "services": { - "metaAlias": "/test2", - "serviceAttributes": { - "assertionConsumerService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", - "index": 0, - "isDefault": true, - "location": "http://localhost:8080/am/Consumer/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "index": 1, - "isDefault": false, - "location": "http://localhost:8080/am/Consumer/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", - "index": 2, - "isDefault": false, - "location": "http://localhost:8080/am/Consumer/ECP/metaAlias/test2", - }, - ], - "nameIdService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/SPSloSoap/metaAlias/test2", - }, - ], + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, }, }, + "uiConfig": {}, }, }, - "metadata": { - "VGVzdCBFbnRpdHk": [ - "", - "", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, - "remote": {}, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.js 1`] = ` -"/* - * Copyright 2014-2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ -import com.iplanet.sso.SSOException -import com.sun.identity.idm.IdRepoException -import org.forgerock.oauth2.core.exceptions.InvalidRequestException -import org.forgerock.oauth2.core.UserInfoClaims -import org.forgerock.openidconnect.Claim - -/* -* Defined variables: -* logger - always presents, the "OAuth2Provider" debug logger instance -* claims - always present, default server provided claims - Map -* claimObjects - always present, default server provided claims - List -* session - present if the request contains the session cookie, the user's session object -* identity - always present, the identity of the resource owner -* scopes - always present, the requested scopes -* scriptName - always present, the display name of the script -* requestProperties - always present, contains a map of request properties: -* requestUri - the request URI -* realm - the realm that the request relates to -* requestParams - a map of the request params and/or posted data. Each value is a list of one or -* more properties. Please note that these should be handled in accordance with OWASP best practices. -* clientProperties - present if the client specified in the request was identified, contains a map of client -* properties: -* clientId - the client's Uri for the request locale -* allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) -* for the client -* allowedResponseTypes - list of the allowed response types for the client -* allowedScopes - list of the allowed scopes for the client -* customProperties - A map of the custom properties of the client. -* Lists or maps will be included as sub-maps, e.g: -* testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 -* requestedClaims - Map> -* always present, not empty if the request contains a claims parameter and server has enabled -* claims_parameter_supported, map of requested claims to possible values, otherwise empty, -* requested claims with no requested values will have a key but no value in the map. A key with -* a single value in its Set indicates this is the only value that should be returned. -* requestedTypedClaims - List -* always present, not empty if the request contains a claims parameter and server has enabled -* claims_parameter_supported, list of requested claims with claim name, requested possible values -* and if claim is essential, otherwise empty, -* requested claims with no requested values will have a claim with no values. A claims with -* a single value indicates this is the only value that should be returned. -* claimsLocales - the values from the 'claims_locales' parameter - List -* Required to return a Map of claims to be added to the id_token claims -* -* Expected return value structure: -* UserInfoClaims { -* Map values; // The values of the claims for the user information -* Map> compositeScopes; // Mapping of scope name to a list of claim names. -* } -*/ - -// user session not guaranteed to be present -boolean sessionPresent = session != null - -/* - * Pulls first value from users profile attribute - * - * @param claim The claim object. - * @param attr The profile attribute name. - */ -def fromSet = { claim, attr -> - if (attr != null && attr.size() == 1){ - attr.iterator().next() - } else if (attr != null && attr.size() > 1){ - attr - } else if (logger.warningEnabled()) { - logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim"); - } -} - -// ---vvvvvvvvvv--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---vvvvvvvvvv--- -/* - * Claim resolver which resolves the value of the claim from its requested values. - * - * This resolver will return a value if the claim has one requested values, otherwise an exception is thrown. - */ -defaultClaimResolver = { claim -> - if (claim.getValues().size() == 1) { - [(claim.getName()): claim.getValues().iterator().next()] - } else { - [:] - } -} - -/* - * Claim resolver which resolves the value of the claim by looking up the user's profile. - * - * This resolver will return a value for the claim if: - * # the user's profile attribute is not null - * # AND the claim contains no requested values - * # OR the claim contains requested values and the value from the user's profile is in the list of values - * - * If no match is found an exception is thrown. - */ -userProfileClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { - return [(claim.getName()): userProfileValue] - } - } - [:] -} - -/* - * Claim resolver which resolves the value of the claim of the user's address. - * - * This resolver will return a value for the claim if: - * # the value of the address is not null - * - */ -userAddressClaimResolver = { claim, identity -> - if (identity != null) { - addressFormattedValue = fromSet(claim.getName(), identity.getAttribute("postaladdress")) - if (addressFormattedValue != null) { - return [ - "formatted" : addressFormattedValue - ] - } - } - [:] -} - -/* - * Claim resolver which resolves the value of the claim by looking up the user's profile. - * - * This resolver will return a value for the claim if: - * # the user's profile attribute is not null - * # AND the claim contains no requested values - * # OR the claim contains requested values and the value from the user's profile is in the list of values - * - * If the claim is essential and no value is found an InvalidRequestException will be thrown and returned to the user. - * If no match is found an exception is thrown. - */ -essentialClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (claim.isEssential() && (userProfileValue == null || userProfileValue.isEmpty())) { - throw new InvalidRequestException("Could not provide value for essential claim $claim") - } - if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { - return [(claim.getName()): userProfileValue] - } - } - return [:] -} - -/* - * Claim resolver which expects the user's profile attribute value to be in the following format: - * "language_tag|value_for_language,...". - * - * This resolver will take the list of requested languages from the 'claims_locales' authorize request - * parameter and attempt to match it to a value from the users' profile attribute. - * If no match is found an exception is thrown. - */ -claimLocalesClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (userProfileValue != null) { - localeValues = parseLocaleAwareString(userProfileValue) - locale = claimsLocales.find { locale -> localeValues.containsKey(locale) } - if (locale != null) { - return [(claim.getName()): localeValues.get(locale)] - } - } - } - return [:] -} - -/* - * Claim resolver which expects the user's profile attribute value to be in the following format: - * "language_tag|value_for_language,...". - * - * This resolver will take the language tag specified in the claim object and attempt to match it to a value - * from the users' profile attribute. If no match is found an exception is thrown. - */ -languageTagClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (userProfileValue != null) { - localeValues = parseLocaleAwareString(userProfileValue) - if (claim.getLocale() != null) { - if (localeValues.containsKey(claim.getLocale())) { - return [(claim.getName()): localeValues.get(claim.getLocale())] - } else { - entry = localeValues.entrySet().iterator().next() - return [(claim.getName() + "#" + entry.getKey()): entry.getValue()] - } - } else { - entry = localeValues.entrySet().iterator().next() - return [(claim.getName()): entry.getValue()] - } - } - } - return [:] -} - -/* - * Given a string "en|English,jp|Japenese,fr_CA|French Canadian" will return map of locale -> value. - */ -parseLocaleAwareString = { s -> - return result = s.split(",").collectEntries { entry -> - split = entry.split("\\\\|") - [(split[0]): value = split[1]] - } -} -// ---^^^^^^^^^^--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---^^^^^^^^^^--- - -// -------------- UPDATE THIS TO CHANGE CLAIM TO ATTRIBUTE MAPPING FUNCTIONS --------------- -/* - * List of claim resolver mappings. - */ -// [ {claim}: {attribute retriever}, ... ] -claimAttributes = [ - "email": userProfileClaimResolver.curry("mail"), - "address": { claim, identity -> [ "address" : userAddressClaimResolver(claim, identity) ] }, - "phone_number": userProfileClaimResolver.curry("telephonenumber"), - "given_name": userProfileClaimResolver.curry("givenname"), - "zoneinfo": userProfileClaimResolver.curry("preferredtimezone"), - "family_name": userProfileClaimResolver.curry("sn"), - "locale": userProfileClaimResolver.curry("preferredlocale"), - "name": userProfileClaimResolver.curry("cn") -] - - -// -------------- UPDATE THIS TO CHANGE SCOPE TO CLAIM MAPPINGS -------------- -/* - * Map of scopes to claim objects. - */ -// {scope}: [ {claim}, ... ] -scopeClaimsMap = [ - "email": [ "email" ], - "address": [ "address" ], - "phone": [ "phone_number" ], - "profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ] -] - - -// ---------------- UPDATE BELOW FOR ADVANCED USAGES ------------------- -if (logger.messageEnabled()) { - scopes.findAll { s -> !("openid".equals(s) || scopeClaimsMap.containsKey(s)) }.each { s -> - logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s") - } -} - -/* - * Computes the claims return key and value. The key may be a different value if the claim value is not in - * the requested language. - */ -def computeClaim = { claim -> - try { - claimResolver = claimAttributes.get(claim.getName(), { claimObj, identity -> defaultClaimResolver(claim)}) - claimResolver(claim, identity) - } catch (IdRepoException e) { - if (logger.warningEnabled()) { - logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); - } - } catch (SSOException e) { - if (logger.warningEnabled()) { - logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); - } - } -} - -/* - * Converts requested scopes into claim objects based on the scope mappings in scopeClaimsMap. - */ -def convertScopeToClaims = { - scopes.findAll { scope -> "openid" != scope && scopeClaimsMap.containsKey(scope) }.collectMany { scope -> - scopeClaimsMap.get(scope).collect { claim -> - new Claim(claim) - } - } -} - -// Creates a full list of claims to resolve from requested scopes, claims provided by AS and requested claims -def claimsToResolve = convertScopeToClaims() + claimObjects + requestedTypedClaims - -// Computes the claim return key and values for all requested claims -computedClaims = claimsToResolve.collectEntries() { claim -> - result = computeClaim(claim) -} - -// Computes composite scopes -def compositeScopes = scopeClaimsMap.findAll { scope -> - scopes.contains(scope.key) -} - -return new UserInfoClaims((Map)computedClaims, (Map)compositeScopes) -" -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.json 1`] = ` -{ - "meta": Any, - "script": { - "1817cc25-fc84-4053-8f91-4ef130616e25": { - "_id": "1817cc25-fc84-4053-8f91-4ef130616e25", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Legacy", - "script": "file://Legacy.script.js", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.js 1`] = ` -"/* - * Copyright 2022-2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This is an example library script with methods that can be used in other scripts. - * To reference it, use the following: - * - * var library = require("Library Script"); - * - * library.logError(logger, "Error message"); - * library.logDebug(logger, "Debug message"); - */ - -function logError(log, errorMessage) { - log.error(errorMessage); -} - -function logWarning(log, warningMessage) { - log.warn(warningMessage); -} - -exports.logError = logError; -exports.logWarning = logWarning; - -// Alternatively, exports can be declared using an inline arrow function - -exports.logInfo = (log, infoMessage) => log.info(infoMessage); -exports.logDebug = (log, debugMessage) => log.debug(debugMessage); -" + }, +} `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformUpdatePassword.journey.json 1`] = ` { "meta": Any, - "script": { - "31bd2ae6-c929-4547-b636-84b874715d60": { - "_id": "31bd2ae6-c929-4547-b636-84b874715d60", - "context": "LIBRARY", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "evaluatorVersion": "2.0", - "exports": [ - { - "arity": 2, - "id": "logError", - "type": "Function", + "trees": { + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, }, - { - "arity": 2, - "id": "logWarning", - "type": "Function", + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, }, - { - "arity": 2, - "id": "logInfo", - "type": "Function", + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, }, - { - "arity": 2, - "id": "logDebug", - "type": "Function", + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", }, - ], - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "NextGeneration", - "script": "file://NextGeneration.script.js", + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + "x": 0, + "y": 0, + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.js 1`] = ` -"/* - * Copyright 2022-2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This is an example library script with methods that can be used in other scripts. - * To reference it, use the following: - * - * var library = require("Library Script"); - * - * library.logError(logger, "Error message"); - * library.logDebug(logger, "Debug message"); - */ - -function logError(log, errorMessage) { - log.error(errorMessage); -} - -function logWarning(log, warningMessage) { - log.warn(warningMessage); -} - -exports.logError = logError; -exports.logWarning = logWarning; - -// Alternatively, exports can be declared using an inline arrow function - -exports.logInfo = (log, infoMessage) => log.info(infoMessage); -exports.logDebug = (log, debugMessage) => log.debug(debugMessage); -" -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/RetryLimit.journey.json 1`] = ` { "meta": Any, - "script": { - "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede": { - "_id": "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede", - "context": "LIBRARY", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Test script description", - "evaluatorVersion": "2.0", - "exports": [ - { - "arity": 2, - "id": "logError", - "type": "Function", + "trees": { + "RetryLimit": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, }, - { - "arity": 2, - "id": "logWarning", - "type": "Function", + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, }, - { - "arity": 2, - "id": "logInfo", - "type": "Function", + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, }, - { - "arity": 2, - "id": "logDebug", - "type": "Function", + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, }, - ], - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Test Script", - "script": "file://Test-Script.script.js", + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.js 1`] = ` -"/* - * Copyright 2022-2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This is an example library script with methods that can be used in other scripts. - * To reference it, use the following: - * - * var library = require("Library Script"); - * - * library.logError(logger, "Error message"); - * library.logDebug(logger, "Debug message"); - */ - -function logError(log, errorMessage) { - log.error(errorMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/policyset/oauth2Scopes.policyset.json 1`] = ` +{ + "meta": Any, + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788713, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", + ], + }, + }, } +`; -function logWarning(log, warningMessage) { - log.warn(warningMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` +{ + "meta": Any, + "resourcetype": { + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788670, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, } - -exports.logError = logError; -exports.logWarning = logWarning; - -// Alternatively, exports can be declared using an inline arrow function - -exports.logInfo = (log, infoMessage) => log.info(infoMessage); -exports.logDebug = (log, debugMessage) => log.debug(debugMessage); -" `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/URL.resourcetype.json 1`] = ` { "meta": Any, - "script": { - "9a7836ff-b597-4799-8a6f-306fdf40f238": { - "_id": "9a7836ff-b597-4799-8a6f-306fdf40f238", - "context": "LIBRARY", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "This is a test script", - "evaluatorVersion": "2.0", - "exports": [ - { - "arity": 2, - "id": "logError", - "type": "Function", - }, - { - "arity": 2, - "id": "logWarning", - "type": "Function", - }, - { - "arity": 2, - "id": "logInfo", - "type": "Function", - }, - { - "arity": 2, - "id": "logDebug", - "type": "Function", - }, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788692, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", ], - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "test script 2", - "script": "file://test-script-2.script.js", + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-keystore.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-keystore.secretstore.json 1`] = ` { "meta": Any, "secretstore": { @@ -387355,7 +399209,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-passwords-store.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-passwords-store.secretstore.json 1`] = ` { "meta": Any, "secretstore": { @@ -387373,48 +399227,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/IdentityAssertionService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "IdentityAssertionService": { - "_id": "", - "_type": { - "_id": "IdentityAssertionService", - "collection": false, - "name": "Identity Assertion Service", - }, - "cacheDuration": 120, - "enable": true, - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/RemoteConsentService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "RemoteConsentService": { - "_id": "", - "_type": { - "_id": "RemoteConsentService", - "collection": false, - "name": "Remote Consent Service", - }, - "consentResponseTimeLimit": 2, - "jwkStoreCacheMissCacheTime": 1, - "jwkStoreCacheTimeout": 5, - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/SocialIdentityProviders.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/SocialIdentityProviders.service.json 1`] = ` { "meta": Any, "service": { @@ -387426,259 +399239,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "name": "Social Identity Provider Service", }, "enabled": true, - "location": "/", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/amSessionPropertyWhitelist.service.json 1`] = ` -{ - "meta": Any, - "service": { - "amSessionPropertyWhitelist": { - "_id": "", - "_type": { - "_id": "amSessionPropertyWhitelist", - "collection": false, - "name": "Session Property Whitelist Service", - }, - "location": "/", - "nextDescendents": [], - "sessionPropertyWhitelist": [ - "AMCtxId", - ], - "whitelistedQueryProperties": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/audit.service.json 1`] = ` -{ - "meta": Any, - "service": { - "audit": { - "_id": "", - "_type": { - "_id": "audit", - "collection": false, - "name": "Audit Logging", - }, - "auditEnabled": true, - "blacklistFieldFilters": [], - "location": "/", - "nextDescendents": [], - "whitelistFieldFilters": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorOathService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "authenticatorOathService": { - "_id": "", - "_type": { - "_id": "authenticatorOathService", - "collection": false, - "name": "ForgeRock Authenticator (OATH) Service", - }, - "authenticatorOATHDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", - "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", - "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", - "authenticatorOATHSkippableName": "oath2faEnabled", - "location": "/", - "nextDescendents": [], - "oathAttrName": "oathDeviceProfiles", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorPushService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "authenticatorPushService": { - "_id": "", - "_type": { - "_id": "authenticatorPushService", - "collection": false, - "name": "ForgeRock Authenticator (Push) Service", - }, - "authenticatorPushDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", - "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", - "authenticatorPushSkippableName": "push2faEnabled", - "location": "/", - "nextDescendents": [], - "pushAttrName": "pushDeviceProfiles", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorWebAuthnService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "authenticatorWebAuthnService": { - "_id": "", - "_type": { - "_id": "authenticatorWebAuthnService", - "collection": false, - "name": "WebAuthn Profile Encryption Service", - }, - "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jceks", - "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", - "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], - "webauthnAttrName": "webauthnDeviceProfiles", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/baseurl.service.json 1`] = ` -{ - "meta": Any, - "service": { - "baseurl": { - "_id": "", - "_type": { - "_id": "baseurl", - "collection": false, - "name": "Base URL Source", - }, - "contextPath": "/am", - "location": "/", - "nextDescendents": [], - "source": "REQUEST_VALUES", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/dashboard.service.json 1`] = ` -{ - "meta": Any, - "service": { - "dashboard": { - "_id": "", - "_type": { - "_id": "dashboard", - "collection": false, - "name": "Dashboard", - }, - "assignedDashboard": [], - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceBindingService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "deviceBindingService": { - "_id": "", - "_type": { - "_id": "deviceBindingService", - "collection": false, - "name": "Device Binding Service", - }, - "deviceBindingAttrName": "boundDevices", - "deviceBindingSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceBindingSettingsEncryptionKeystorePassword": null, - "deviceBindingSettingsEncryptionKeystoreType": "JKS", - "deviceBindingSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceIdService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "deviceIdService": { - "_id": "", - "_type": { - "_id": "deviceIdService", - "collection": false, - "name": "Device ID Service", - }, - "deviceIdAttrName": "devicePrintProfiles", - "deviceIdSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceIdSettingsEncryptionKeystorePassword": null, - "deviceIdSettingsEncryptionKeystoreType": "JKS", - "deviceIdSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceProfilesService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "deviceProfilesService": { - "_id": "", - "_type": { - "_id": "deviceProfilesService", - "collection": false, - "name": "Device Profiles Service", - }, - "deviceProfilesAttrName": "deviceProfiles", - "deviceProfilesSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceProfilesSettingsEncryptionKeystorePassword": null, - "deviceProfilesSettingsEncryptionKeystoreType": "JKS", - "deviceProfilesSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/email.service.json 1`] = ` -{ - "meta": Any, - "service": { - "email": { - "_id": "", - "_type": { - "_id": "email", - "collection": false, - "name": "Email Service", - }, - "emailAddressAttribute": "mail", - "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", - "emailRateLimitSeconds": 1, - "location": "/", - "nextDescendents": [], - "port": 465, - "sslState": "SSL", + "location": "/first", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/id-repositories.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/id-repositories.service.json 1`] = ` { "meta": Any, "service": { @@ -387689,7 +399256,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "collection": false, "name": "sunIdentityRepositoryService", }, - "location": "/", + "location": "/first", "nextDescendents": [ { "_id": "embedded", @@ -387845,11 +399412,6 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "retryLimitNodeCount", "iplanet-am-user-failure-url", "iplanet-am-session-max-caching-time", - "thingType", - "thingKeys", - "thingOAuth2ClientName", - "thingConfig", - "thingProperties", ], "sun-idrepo-ldapv3-config-user-objectclass": [ "iplanet-am-managed-person", @@ -387871,7 +399433,6 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "webauthnDeviceProfilesContainer", "iplanet-am-auth-configuration-service", "deviceProfilesContainer", - "fr-iot", ], "sun-idrepo-ldapv3-config-users-search-attribute": "uid", "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", @@ -387889,32 +399450,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/iot.service.json 1`] = ` -{ - "meta": Any, - "service": { - "iot": { - "_id": "", - "_type": { - "_id": "iot", - "collection": false, - "name": "IoT Service", - }, - "attributeAllowlist": [ - "thingConfig", - ], - "createOAuthClient": false, - "createOAuthJwtIssuer": false, - "location": "/", - "nextDescendents": [], - "oauthClientName": "forgerock-iot-oauth2-client", - "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/oauth-oidc.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/oauth-oidc.service.json 1`] = ` { "meta": Any, "service": { @@ -388297,7 +399833,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", "deviceUserCodeLength": 8, }, - "location": "/", + "location": "/first", "nextDescendents": [], "pluginsConfig": { "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", @@ -388321,26 +399857,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pingOneWorkerService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "pingOneWorkerService": { - "_id": "", - "_type": { - "_id": "pingOneWorkerService", - "collection": false, - "name": "PingOne Worker Service", - }, - "enabled": true, - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/policyconfiguration.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/policyconfiguration.service.json 1`] = ` { "meta": Any, "service": { @@ -388359,7 +399876,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "ldapServer": [ "localhost:50636", ], - "location": "/", + "location": "/first", "maximumSearchResults": 100, "mtlsEnabled": false, "nextDescendents": [], @@ -388379,275 +399896,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pushNotification.service.json 1`] = ` -{ - "meta": Any, - "service": { - "pushNotification": { - "_id": "", - "_type": { - "_id": "pushNotification", - "collection": false, - "name": "Push Notification Service", - }, - "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", - "location": "/", - "mdCacheSize": 10000, - "mdConcurrency": 16, - "mdDuration": 120, - "nextDescendents": [], - "region": "us-east-1", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/security.service.json 1`] = ` -{ - "meta": Any, - "service": { - "security": { - "_id": "", - "_type": { - "_id": "security", - "collection": false, - "name": "Legacy User Self Service", - }, - "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", - "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", - "forgotPasswordEnabled": false, - "forgotPasswordTokenLifetime": 900, - "location": "/", - "nextDescendents": [], - "protectedUserAttributes": [], - "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", - "selfRegistrationEnabled": false, - "selfRegistrationTokenLifetime": 900, - "selfServiceEnabled": false, - "userRegisteredDestination": "default", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfService.service.json 1`] = ` -{ - "meta": Any, - "service": { - "selfService": { - "_id": "", - "_type": { - "_id": "selfService", - "collection": false, - "name": "User Self-Service", - }, - "advancedConfig": { - "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", - "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", - "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", - "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", - "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", - }, - "forgottenPassword": { - "forgottenPasswordCaptchaEnabled": false, - "forgottenPasswordEmailBody": [ - "en|

Click on this link to reset your password.

", - ], - "forgottenPasswordEmailSubject": [ - "en|Forgotten password email", - ], - "forgottenPasswordEmailVerificationEnabled": true, - "forgottenPasswordEnabled": false, - "forgottenPasswordKbaEnabled": false, - "forgottenPasswordTokenPaddingLength": 450, - "forgottenPasswordTokenTTL": 300, - "numberOfAllowedAttempts": 1, - "numberOfAttemptsEnforced": false, - }, - "forgottenUsername": { - "forgottenUsernameCaptchaEnabled": false, - "forgottenUsernameEmailBody": [ - "en|

Your username is %username%.

", - ], - "forgottenUsernameEmailSubject": [ - "en|Forgotten username email", - ], - "forgottenUsernameEmailUsernameEnabled": true, - "forgottenUsernameEnabled": false, - "forgottenUsernameKbaEnabled": false, - "forgottenUsernameShowUsernameEnabled": false, - "forgottenUsernameTokenTTL": 300, - }, - "generalConfig": { - "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", - "kbaQuestions": [ - "4|en|What is your mother's maiden name?", - "3|en|What was the name of your childhood pet?", - "2|en|What was the model of your first car?", - "1|en|What is the name of your favourite restaurant?", - ], - "minimumAnswersToDefine": 1, - "minimumAnswersToVerify": 1, - "validQueryAttributes": [ - "uid", - "mail", - "givenName", - "sn", - ], - }, - "location": "/", - "nextDescendents": [], - "profileManagement": { - "profileAttributeWhitelist": [ - "uid", - "telephoneNumber", - "mail", - "kbaInfo", - "givenName", - "sn", - "cn", - ], - "profileProtectedUserAttributes": [ - "telephoneNumber", - "mail", - ], - }, - "userRegistration": { - "userRegisteredDestination": "default", - "userRegistrationCaptchaEnabled": false, - "userRegistrationEmailBody": [ - "en|

Click on this link to register.

", - ], - "userRegistrationEmailSubject": [ - "en|Registration email", - ], - "userRegistrationEmailVerificationEnabled": true, - "userRegistrationEmailVerificationFirstEnabled": false, - "userRegistrationEnabled": false, - "userRegistrationKbaEnabled": false, - "userRegistrationTokenTTL": 300, - "userRegistrationValidUserAttributes": [ - "userPassword", - "mail", - "givenName", - "kbaInfo", - "inetUserStatus", - "sn", - "username", - ], - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfServiceTrees.service.json 1`] = ` -{ - "meta": Any, - "service": { - "selfServiceTrees": { - "_id": "", - "_type": { - "_id": "selfServiceTrees", - "collection": false, - "name": "Self Service Trees", - }, - "enabled": true, - "location": "/", - "nextDescendents": [], - "treeMapping": { - "forgottenUsername": "PlatformForgottenUsername", - "registration": "PlatformRegistration", - "resetPassword": "PlatformResetPassword", - "updatePassword": "PlatformUpdatePassword", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/socialauthentication.service.json 1`] = ` -{ - "meta": Any, - "service": { - "socialauthentication": { - "_id": "", - "_type": { - "_id": "socialauthentication", - "collection": false, - "name": "Social Authentication Implementations", - }, - "authenticationChains": {}, - "displayNames": {}, - "enabledKeys": [], - "icons": {}, - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/transaction.service.json 1`] = ` -{ - "meta": Any, - "service": { - "transaction": { - "_id": "", - "_type": { - "_id": "transaction", - "collection": false, - "name": "Transaction Authentication Service", - }, - "location": "/", - "nextDescendents": [], - "timeToLive": "180", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/user.service.json 1`] = ` -{ - "meta": Any, - "service": { - "user": { - "_id": "", - "_type": { - "_id": "user", - "collection": false, - "name": "User", - }, - "dynamic": { - "defaultUserStatus": "Active", - }, - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/validation.service.json 1`] = ` -{ - "meta": Any, - "service": { - "validation": { - "_id": "", - "_type": { - "_id": "validation", - "collection": false, - "name": "Validation Service", - }, - "location": "/", - "nextDescendents": [], - "validGotoDestinations": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectAttributes/undefined.subjectAttributes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectAttributes/undefined.subjectAttributes.json 1`] = ` { "meta": Any, "subjectAttributes": { @@ -388656,7 +399905,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AND.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AND.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388677,7 +399926,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388694,7 +399943,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Identity.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Identity.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388718,7 +399967,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388742,7 +399991,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NONE.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NONE.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388759,7 +400008,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NOT.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NOT.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388781,7 +400030,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/OR.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/OR.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388802,7 +400051,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Policy.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Policy.subjectTypes.json 1`] = ` { "meta": Any, "subjectTypes": { @@ -388832,90 +400081,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/test-jwt-issuer.trustedJwtIssuer.json 1`] = ` -{ - "meta": Any, - "trustedJwtIssuer": { - "test-jwt-issuer": { - "_id": "test-jwt-issuer", - "_type": { - "_id": "TrustedJwtIssuer", - "collection": true, - "name": "OAuth2 Trusted JWT Issuer", - }, - "agentgroup": null, - "allowedSubjects": [], - "consentedScopesClaim": "scope", - "issuer": "hello", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "resourceOwnerIdentityClaim": "sub", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/trusted-jwt.trustedJwtIssuer.json 1`] = ` -{ - "meta": Any, - "trustedJwtIssuer": { - "trusted jwt": { - "_id": "trusted jwt", - "_type": { - "_id": "TrustedJwtIssuer", - "collection": true, - "name": "OAuth2 Trusted JWT Issuer", - }, - "agentgroup": null, - "allowedSubjects": [], - "consentedScopesClaim": "scope", - "issuer": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "resourceOwnerIdentityClaim": "sub", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Cool-Webhook.webhookService.json 1`] = ` -{ - "meta": Any, - "webhookService": { - "Cool Webhook": { - "_id": "Cool Webhook", - "_type": { - "_id": "webhooks", - "collection": true, - "name": "Webhook Service", - }, - "body": "body", - "headers": { - "accept": "*/*", - "cool": "test", - }, - "url": "test", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Test-Webhook.webhookService.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/webhookService/webhooks.webhookService.json 1`] = ` { "meta": Any, "webhookService": { - "Test Webhook": { - "_id": "Test Webhook", + "webhooks": { + "_id": "webhooks", "_type": { "_id": "webhooks", "collection": true, "name": "Webhook Service", }, - "body": "hello", "headers": { "accept": "*/*", }, @@ -388924,7 +400100,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/wsEntity/ws.wsEntity.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/wsEntity/ws.wsEntity.json 1`] = ` { "meta": Any, "wsEntity": { @@ -388940,7 +400116,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` { "applicationTypes": { "iPlanetAMWebAgentService": { @@ -388965,7 +400141,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` { "applicationTypes": { "sunAMDelegationService": { @@ -388986,7 +400162,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` { "applicationTypes": { "umaApplicationType": { @@ -389003,7 +400179,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authentication/root-first.authentication.settings.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authentication/root-first-second.authentication.settings.json 1`] = ` { "authentication": { "_id": "", @@ -389032,7 +400208,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "user", ], "locale": "en_US", - "statelessSessionsEnabled": false, + "statelessSessionsEnabled": true, "twoFactorRequired": false, "userStatusCallbackPlugins": [], }, @@ -389073,7 +400249,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/amsterService.authenticationChains.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/amsterService.authenticationChains.json 1`] = ` { "authenticationChains": { "amsterService": { @@ -389099,7 +400275,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/ldapService.authenticationChains.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/ldapService.authenticationChains.json 1`] = ` { "authenticationChains": { "ldapService": { @@ -389125,7 +400301,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/amster.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/amster.authenticationModules.json 1`] = ` { "authenticationModules": { "amster": { @@ -389144,7 +400320,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/datastore.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/datastore.authenticationModules.json 1`] = ` { "authenticationModules": { "datastore": { @@ -389161,7 +400337,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/federation.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/federation.authenticationModules.json 1`] = ` { "authenticationModules": { "federation": { @@ -389178,7 +400354,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/hotp.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/hotp.authenticationModules.json 1`] = ` { "authenticationModules": { "hotp": { @@ -389209,7 +400385,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/ldap.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/ldap.authenticationModules.json 1`] = ` { "authenticationModules": { "ldap": { @@ -389250,7 +400426,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/oath.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/oath.authenticationModules.json 1`] = ` { "authenticationModules": { "oath": { @@ -389278,7 +400454,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/sae.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/sae.authenticationModules.json 1`] = ` { "authenticationModules": { "sae": { @@ -389295,7 +400471,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` { "conditionTypes": { "AMIdentityMembership": { @@ -389319,7 +400495,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AND.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AND.conditionTypes.json 1`] = ` { "conditionTypes": { "AND": { @@ -389340,7 +400516,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` { "conditionTypes": { "AuthLevel": { @@ -389361,7 +400537,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` { "conditionTypes": { "AuthScheme": { @@ -389391,7 +400567,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` { "conditionTypes": { "AuthenticateToRealm": { @@ -389412,7 +400588,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` { "conditionTypes": { "AuthenticateToService": { @@ -389433,7 +400609,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv4.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv4.conditionTypes.json 1`] = ` { "conditionTypes": { "IPv4": { @@ -389463,7 +400639,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv6.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv6.conditionTypes.json 1`] = ` { "conditionTypes": { "IPv6": { @@ -389493,7 +400669,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` { "conditionTypes": { "LDAPFilter": { @@ -389514,7 +400690,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` { "conditionTypes": { "LEAuthLevel": { @@ -389535,7 +400711,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/NOT.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/NOT.conditionTypes.json 1`] = ` { "conditionTypes": { "NOT": { @@ -389557,7 +400733,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` { "conditionTypes": { "OAuth2Scope": { @@ -389581,7 +400757,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OR.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OR.conditionTypes.json 1`] = ` { "conditionTypes": { "OR": { @@ -389602,7 +400778,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Policy.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Policy.conditionTypes.json 1`] = ` { "conditionTypes": { "Policy": { @@ -389626,7 +400802,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` { "conditionTypes": { "ResourceEnvIP": { @@ -389650,7 +400826,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Script.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Script.conditionTypes.json 1`] = ` { "conditionTypes": { "Script": { @@ -389671,7 +400847,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Session.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Session.conditionTypes.json 1`] = ` { "conditionTypes": { "Session": { @@ -389696,7 +400872,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` { "conditionTypes": { "SessionProperty": { @@ -389721,7 +400897,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` { "conditionTypes": { "SimpleTime": { @@ -389760,7 +400936,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Transaction.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Transaction.conditionTypes.json 1`] = ` { "conditionTypes": { "Transaction": { @@ -389784,7 +400960,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` { "decisionCombiners": { "DenyOverride": { @@ -389796,7 +400972,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Agent.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Agent.journey.json 1`] = ` { "meta": Any, "trees": { @@ -389886,7 +401062,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Example.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Example.journey.json 1`] = ` { "meta": Any, "trees": { @@ -390022,7 +401198,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` { "meta": Any, "trees": { @@ -390131,7 +401307,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-AnonymousUser.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-AnonymousUser.journey.json 1`] = ` { "meta": Any, "trees": { @@ -390264,7 +401440,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-DynamicAccountCreation.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-DynamicAccountCreation.journey.json 1`] = ` { "meta": Any, "trees": { @@ -390517,7 +401693,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/HmacOneTimePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/HmacOneTimePassword.journey.json 1`] = ` { "meta": Any, "trees": { @@ -390711,7 +401887,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PersistentCookie.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PersistentCookie.journey.json 1`] = ` { "meta": Any, "trees": { @@ -390878,7 +402054,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformForgottenUsername.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformForgottenUsername.journey.json 1`] = ` { "meta": Any, "trees": { @@ -391054,7 +402230,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformLogin.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformLogin.journey.json 1`] = ` { "meta": Any, "trees": { @@ -391240,7 +402416,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformProgressiveProfile.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformProgressiveProfile.journey.json 1`] = ` { "meta": Any, "trees": { @@ -391420,7 +402596,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformRegistration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformRegistration.journey.json 1`] = ` { "meta": Any, "trees": { @@ -391649,7 +402825,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformResetPassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformResetPassword.journey.json 1`] = ` { "meta": Any, "trees": { @@ -391882,7 +403058,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformUpdatePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformUpdatePassword.journey.json 1`] = ` { "meta": Any, "trees": { @@ -392166,7 +403342,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/RetryLimit.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/RetryLimit.journey.json 1`] = ` { "meta": Any, "trees": { @@ -392324,7 +403500,72 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/policyset/oauth2Scopes.policyset.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Test-Tree.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Test Tree": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "0254ab35-daea-40db-9a53-44fc06715e48": { + "_id": "0254ab35-daea-40db-9a53-44fc06715e48", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Test Tree", + "enabled": true, + "entryNodeId": "0254ab35-daea-40db-9a53-44fc06715e48", + "innerTreeOnly": false, + "nodes": { + "0254ab35-daea-40db-9a53-44fc06715e48": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 150, + "y": 20, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 447, + "y": 49, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 577, + "y": 71, + }, + "startNode": { + "x": 50, + "y": 25, + }, + }, + "uiConfig": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/policyset/oauth2Scopes.policyset.json 1`] = ` { "meta": Any, "policyset": { @@ -392359,7 +403600,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "editable": true, "entitlementCombiner": "DenyOverride", "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509788713, + "lastModifiedDate": 1728509790191, "name": "oauth2Scopes", "resourceComparator": null, "resourceTypeUuids": [ @@ -392381,7 +403622,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` { "meta": Any, "resourcetype": { @@ -392393,7 +403634,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "creationDate": 1595479030586, "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509788670, + "lastModifiedDate": 1728509790156, "name": "OAuth2 Scope", "patterns": [ "*://*:*/*", @@ -392406,7 +403647,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/URL.resourcetype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/URL.resourcetype.json 1`] = ` { "meta": Any, "resourcetype": { @@ -392424,7 +403665,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "creationDate": 1595479030487, "description": "The built-in URL Resource Type available to OpenAM Policies.", "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509788692, + "lastModifiedDate": 1728509790171, "name": "URL", "patterns": [ "*://*:*/*", @@ -392436,7 +403677,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-keystore.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-keystore.secretstore.json 1`] = ` { "meta": Any, "secretstore": { @@ -392459,7 +403700,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-passwords-store.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-passwords-store.secretstore.json 1`] = ` { "meta": Any, "secretstore": { @@ -392477,7 +403718,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/SocialIdentityProviders.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/SocialIdentityProviders.service.json 1`] = ` { "meta": Any, "service": { @@ -392489,13 +403730,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "name": "Social Identity Provider Service", }, "enabled": true, - "location": "/first", + "location": "/first/second", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/id-repositories.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/id-repositories.service.json 1`] = ` { "meta": Any, "service": { @@ -392506,7 +403747,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "collection": false, "name": "sunIdentityRepositoryService", }, - "location": "/first", + "location": "/first/second", "nextDescendents": [ { "_id": "embedded", @@ -392700,7 +403941,7 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/oauth-oidc.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/oauth-oidc.service.json 1`] = ` { "meta": Any, "service": { @@ -392965,794 +404206,205 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "A256KW", "ECDH-ES", "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": false, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "location": "/first", - "nextDescendents": [], - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/policyconfiguration.service.json 1`] = ` -{ - "meta": Any, - "service": { - "policyconfiguration": { - "_id": "", - "_type": { - "_id": "policyconfiguration", - "collection": false, - "name": "Policy Configuration", - }, - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "checkIfResourceTypeExists": true, - "connectionPoolMaximumSize": 10, - "connectionPoolMinimumSize": 1, - "ldapServer": [ - "localhost:50636", - ], - "location": "/first", - "maximumSearchResults": 100, - "mtlsEnabled": false, - "nextDescendents": [], - "policyHeartbeatInterval": 10, - "policyHeartbeatTimeUnit": "SECONDS", - "realmSearchFilter": "(objectclass=sunismanagedorganization)", - "searchTimeout": 5, - "sslEnabled": true, - "subjectsResultTTL": 10, - "userAliasEnabled": false, - "usersBaseDn": "dc=openam,dc=forgerock,dc=org", - "usersSearchAttribute": "uid", - "usersSearchFilter": "(objectclass=inetorgperson)", - "usersSearchScope": "SCOPE_SUB", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectAttributes/undefined.subjectAttributes.json 1`] = ` -{ - "meta": Any, - "subjectAttributes": { - "undefined": "iplanet-am-user-login-status", - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AND.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "subjects": { - "type": "array", - }, - }, - "type": "object", - }, - "logical": true, - "title": "AND", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AuthenticatedUsers": { - "_id": "AuthenticatedUsers", - "config": { - "properties": {}, - "type": "object", - }, - "logical": false, - "title": "AuthenticatedUsers", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Identity.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Identity": { - "_id": "Identity", - "config": { - "properties": { - "subjectValues": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "Identity", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "JwtClaim": { - "_id": "JwtClaim", - "config": { - "properties": { - "claimName": { - "type": "string", - }, - "claimValue": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "JwtClaim", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NONE.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NONE": { - "_id": "NONE", - "config": { - "properties": {}, - "type": "object", - }, - "logical": false, - "title": "NONE", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NOT.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "subject": { - "properties": {}, - "type": "object", - }, - }, - "type": "object", - }, - "logical": true, - "title": "NOT", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/OR.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "subjects": { - "type": "array", - }, - }, - "type": "object", - }, - "logical": true, - "title": "OR", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Policy.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", - }, - "name": { - "type": "string", - }, - "values": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "Policy", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/webhookService/webhooks.webhookService.json 1`] = ` -{ - "meta": Any, - "webhookService": { - "webhooks": { - "_id": "webhooks", - "_type": { - "_id": "webhooks", - "collection": true, - "name": "Webhook Service", - }, - "headers": { - "accept": "*/*", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/wsEntity/ws.wsEntity.json 1`] = ` -{ - "meta": Any, - "wsEntity": { - "ws": { - "_id": "ws", - "_type": { - "_id": "ws", - "collection": true, - "name": "Entity Descriptor ", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "iPlanetAMWebAgentService": { - "_id": "iPlanetAMWebAgentService", - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "iPlanetAMWebAgentService", - "resourceComparator": "com.sun.identity.entitlement.URLResourceName", - "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", - "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "sunAMDelegationService": { - "_id": "sunAMDelegationService", - "actions": { - "DELEGATE": true, - "MODIFY": true, - "READ": true, - }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "sunAMDelegationService", - "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", - "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", - "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "umaApplicationType": { - "_id": "umaApplicationType", - "actions": {}, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "umaApplicationType", - "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", - "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", - "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authentication/root-first-second.authentication.settings.json 1`] = ` -{ - "authentication": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Core", - }, - "accountlockout": { - "lockoutDuration": 0, - "lockoutDurationMultiplier": 1, - "lockoutWarnUserCount": 0, - "loginFailureCount": 5, - "loginFailureDuration": 300, - "loginFailureLockoutMode": false, - "storeInvalidAttemptsInDataStore": true, - }, - "core": { - "adminAuthModule": "ldapService", - "orgConfig": "ldapService", - }, - "general": { - "defaultAuthLevel": 0, - "identityType": [ - "agent", - "user", - ], - "locale": "en_US", - "statelessSessionsEnabled": true, - "twoFactorRequired": false, - "userStatusCallbackPlugins": [], - }, - "postauthprocess": { - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [ - "/am/console", - ], - "userAttributeSessionMapping": [], - "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", - "usernameGeneratorEnabled": true, - }, - "security": { - "addClearSiteDataHeader": true, - "moduleBasedAuthEnabled": true, - "sharedSecret": null, - "zeroPageLoginAllowedWithoutReferrer": true, - "zeroPageLoginEnabled": false, - "zeroPageLoginReferrerWhiteList": [], - }, - "trees": { - "authenticationSessionsMaxDuration": 5, - "authenticationSessionsStateManagement": "JWT", - "authenticationSessionsWhitelist": false, - "authenticationTreeCookieHttpOnly": true, - "suspendedAuthenticationTimeout": 5, - }, - "userprofile": { - "aliasAttributeName": [ - "uid", - ], - "defaultRole": [], - "dynamicProfileCreation": "false", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/amsterService.authenticationChains.json 1`] = ` -{ - "authenticationChains": { - "amsterService": { - "_id": "amsterService", - "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "Amster", - "options": {}, - }, - ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/ldapService.authenticationChains.json 1`] = ` -{ - "authenticationChains": { - "ldapService": { - "_id": "ldapService", - "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "DataStore", - "options": {}, - }, - ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/amster.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "amster": { - "_id": "amster", - "_type": { - "_id": "amster", - "collection": true, - "name": "ForgeRock Amster", + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], }, - "authenticationLevel": 0, - "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", - "enabled": true, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/datastore.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "datastore": { - "_id": "datastore", - "_type": { - "_id": "datastore", - "collection": true, - "name": "Data Store", + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, }, - "authenticationLevel": 0, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/federation.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "federation": { - "_id": "federation", - "_type": { - "_id": "federation", - "collection": true, - "name": "Federation", + "location": "/first/second", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", }, - "authenticationLevel": 0, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/hotp.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/policyconfiguration.service.json 1`] = ` { - "authenticationModules": { - "hotp": { - "_id": "hotp", - "_type": { - "_id": "hotp", - "collection": true, - "name": "HOTP", - }, - "authenticationLevel": 0, - "autoSendOTP": false, - "otpDeliveryMethod": "SMS and E-mail", - "otpLength": "8", - "otpMaxRetry": 3, - "otpValidityDuration": 5, - "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "smtpFromAddress": "no-reply@openam.org", - "smtpHostPort": 465, - "smtpHostname": "smtp.gmail.com", - "smtpSslEnabled": "SSL", - "smtpUserPassword": null, - "smtpUsername": "opensso.sun", - "userProfileEmailAttribute": "mail", - "userProfileTelephoneAttribute": "telephoneNumber", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/ldap.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "ldap": { - "_id": "ldap", + "service": { + "policyconfiguration": { + "_id": "", "_type": { - "_id": "ldap", - "collection": true, - "name": "LDAP", + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", }, - "authenticationLevel": 0, - "beheraPasswordPolicySupportEnabled": true, - "connectionHeartbeatInterval": 10, - "connectionHeartbeatTimeUnit": "SECONDS", - "minimumPasswordLength": "8", - "openam-auth-ldap-connection-mode": "LDAPS", - "operationTimeout": 0, - "primaryLdapServer": [ + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ "localhost:50636", ], - "profileAttributeMappings": [], - "returnUserDN": true, - "searchScope": "SUBTREE", - "secondaryLdapServer": [], - "stopLdapbindAfterInmemoryLockedEnabled": false, - "trustAllServerCertificates": false, - "userBindDN": "cn=Directory Manager", - "userBindPassword": null, - "userProfileRetrievalAttribute": "uid", - "userSearchAttributes": [ - "uid", - ], - "userSearchStartDN": [ - "dc=openam,dc=forgerock,dc=org", - ], + "location": "/first/second", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/oath.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectAttributes/undefined.subjectAttributes.json 1`] = ` { - "authenticationModules": { - "oath": { - "_id": "oath", - "_type": { - "_id": "oath", - "collection": true, - "name": "OATH", - }, - "addChecksum": "False", - "authenticationLevel": 0, - "forgerock-oath-maximum-clock-drift": 0, - "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", - "hotpWindowSize": 100, - "minimumSecretKeyLength": "32", - "oathAlgorithm": "HOTP", - "oathOtpMaxRetry": 3, - "passwordLength": "6", - "stepsInWindow": 2, - "timeStepSize": 30, - "truncationOffset": -1, - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/sae.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "sae": { - "_id": "sae", - "_type": { - "_id": "sae", - "collection": true, - "name": "SAE", - }, - "authenticationLevel": 0, - }, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AND.subjectTypes.json 1`] = ` { - "conditionTypes": { - "AMIdentityMembership": { - "_id": "AMIdentityMembership", - "config": { - "properties": { - "amIdentityName": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AMIdentityMembership", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AND.conditionTypes.json 1`] = ` -{ - "conditionTypes": { + "subjectTypes": { "AND": { "_id": "AND", "config": { "properties": { - "conditions": { + "subjects": { "type": "array", }, }, @@ -393762,213 +404414,100 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "AND", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthLevel": { - "_id": "AuthLevel", - "config": { - "properties": { - "authLevel": { - "type": "integer", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthLevel", - }, - }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` { - "conditionTypes": { - "AuthScheme": { - "_id": "AuthScheme", - "config": { - "properties": { - "applicationIdleTimeout": { - "type": "integer", - }, - "applicationName": { - "type": "string", - }, - "authScheme": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthScheme", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthenticateToRealm": { - "_id": "AuthenticateToRealm", + "subjectTypes": { + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", "config": { - "properties": { - "authenticateToRealm": { - "type": "string", - }, - }, + "properties": {}, "type": "object", }, "logical": false, - "title": "AuthenticateToRealm", + "title": "AuthenticatedUsers", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Identity.subjectTypes.json 1`] = ` { - "conditionTypes": { - "AuthenticateToService": { - "_id": "AuthenticateToService", - "config": { - "properties": { - "authenticateToService": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthenticateToService", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv4.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "IPv4": { - "_id": "IPv4", + "subjectTypes": { + "Identity": { + "_id": "Identity", "config": { "properties": { - "dnsName": { + "subjectValues": { "items": { "type": "string", }, "type": "array", }, - "endIp": { - "type": "string", - }, - "startIp": { - "type": "string", - }, }, "type": "object", }, "logical": false, - "title": "IPv4", + "title": "Identity", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv6.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` { - "conditionTypes": { - "IPv6": { - "_id": "IPv6", + "meta": Any, + "subjectTypes": { + "JwtClaim": { + "_id": "JwtClaim", "config": { "properties": { - "dnsName": { - "items": { - "type": "string", - }, - "type": "array", - }, - "endIp": { + "claimName": { "type": "string", }, - "startIp": { + "claimValue": { "type": "string", }, }, "type": "object", }, "logical": false, - "title": "IPv6", + "title": "JwtClaim", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NONE.subjectTypes.json 1`] = ` { - "conditionTypes": { - "LDAPFilter": { - "_id": "LDAPFilter", - "config": { - "properties": { - "ldapFilter": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "LDAPFilter", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "LEAuthLevel": { - "_id": "LEAuthLevel", + "subjectTypes": { + "NONE": { + "_id": "NONE", "config": { - "properties": { - "authLevel": { - "type": "integer", - }, - }, + "properties": {}, "type": "object", }, "logical": false, - "title": "LEAuthLevel", + "title": "NONE", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/NOT.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NOT.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "NOT": { "_id": "NOT", "config": { "properties": { - "condition": { + "subject": { "properties": {}, "type": "object", }, @@ -393979,42 +404518,18 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "NOT", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/OR.subjectTypes.json 1`] = ` { - "conditionTypes": { - "OAuth2Scope": { - "_id": "OAuth2Scope", - "config": { - "properties": { - "requiredScopes": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "OAuth2Scope", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OR.conditionTypes.json 1`] = ` -{ - "conditionTypes": { + "subjectTypes": { "OR": { "_id": "OR", "config": { "properties": { - "conditions": { + "subjects": { "type": "array", }, }, @@ -394024,13 +404539,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "OR", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Policy.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Policy.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "Policy": { "_id": "Policy", "config": { @@ -394038,28 +404553,10 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "className": { "type": "string", }, - "properties": { - "type": "object", + "name": { + "type": "string", }, - }, - "type": "object", - }, - "logical": false, - "title": "Policy", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "ResourceEnvIP": { - "_id": "ResourceEnvIP", - "config": { - "properties": { - "resourceEnvIPConditionValue": { + "values": { "items": { "type": "string", }, @@ -394069,3791 +404566,6264 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "type": "object", }, "logical": false, - "title": "ResourceEnvIP", + "title": "Policy", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Script.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/webhookService/webhooks.webhookService.json 1`] = ` { - "conditionTypes": { - "Script": { - "_id": "Script", - "config": { - "properties": { - "scriptId": { - "type": "string", - }, - }, - "type": "object", + "meta": Any, + "webhookService": { + "webhooks": { + "_id": "webhooks", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "headers": { + "accept": "*/*", }, - "logical": false, - "title": "Script", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Session.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/wsEntity/ws.wsEntity.json 1`] = ` { - "conditionTypes": { - "Session": { - "_id": "Session", - "config": { - "properties": { - "maxSessionTime": { - "type": "integer", - }, - "terminateSession": { - "required": true, - "type": "boolean", - }, - }, - "type": "object", + "meta": Any, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", }, - "logical": false, - "title": "Session", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -aD exportAllTestDir12 -f testExportAllIdm.config.json -m idm": should export all IDM config to a single file. 1`] = `""`; + +exports[`frodo config export "frodo config export -aD exportAllTestDir12 -f testExportAllIdm.config.json -m idm": should export all IDM config to a single file.: exportAllTestDir12/testExportAllIdm.config.json 1`] = ` { - "conditionTypes": { - "SessionProperty": { - "_id": "SessionProperty", - "config": { - "properties": { - "ignoreValueCase": { - "required": true, - "type": "boolean", - }, - "properties": { - "type": "object", - }, + "global": { + "emailTemplate": { + "forgottenUsername": { + "_id": "emailTemplate/forgottenUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", + }, + "mimeType": "text/html", + "subject": { + "en": "Account Information - username", + "fr": "Informations sur le compte - nom d'utilisateur", + }, + }, + "registration": { + "_id": "emailTemplate/registration", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "mimeType": "text/html", + "subject": { + "en": "Register new account", + "fr": "Créer un nouveau compte", + }, + }, + "resetPassword": { + "_id": "emailTemplate/resetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Click to reset your password

Password reset link

", + "fr": "

Cliquez pour réinitialiser votre mot de passe

Mot de passe lien de réinitialisation

", + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password", + "fr": "Réinitialisez votre mot de passe", + }, + }, + "updatePassword": { + "_id": "emailTemplate/updatePassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Verify email to update password

Update password link

", + }, + "mimeType": "text/html", + "subject": { + "en": "Update your password", + }, + }, + "welcome": { + "_id": "emailTemplate/welcome", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Welcome to OpenIDM. Your username is '{{object.userName}}'.

", + "fr": "

Bienvenue sur OpenIDM. Votre nom d'utilisateur est '{{object.userName}}'.

", + }, + "mimeType": "text/html", + "subject": { + "en": "Your account has been created", + "fr": "Votre compte vient d’être créé !", }, - "type": "object", }, - "logical": false, - "title": "SessionProperty", }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "SimpleTime": { - "_id": "SimpleTime", - "config": { - "properties": { - "endDate": { - "type": "string", + "idm": { + "access": { + "_id": "access", + "configs": [ + { + "actions": "", + "methods": "read", + "pattern": "health", + "roles": "*", }, - "endDay": { - "type": "string", + { + "actions": "*", + "methods": "read", + "pattern": "info/*", + "roles": "*", }, - "endTime": { - "type": "string", + { + "actions": "login,logout", + "methods": "read,action", + "pattern": "authentication", + "roles": "*", }, - "enforcementTimeZone": { - "type": "string", + { + "actions": "validate", + "methods": "action", + "pattern": "util/validateQueryFilter", + "roles": "*", }, - "startDate": { - "type": "string", + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/themeconfig", + "roles": "*", }, - "startDay": { - "type": "string", + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/theme-*", + "roles": "*", }, - "startTime": { - "type": "string", + { + "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled(['registration', 'passwordReset'])", + "methods": "read", + "pattern": "config/selfservice/kbaConfig", + "roles": "*", }, - }, - "type": "object", - }, - "logical": false, - "title": "SimpleTime", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Transaction.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "Transaction": { - "_id": "Transaction", - "config": { - "properties": { - "authenticationStrategy": { - "type": "string", + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/dashboard", + "roles": "internal/role/openidm-authorized", }, - "strategySpecifier": { - "type": "string", + { + "actions": "*", + "methods": "query", + "pattern": "info/features", + "roles": "*", }, - }, - "type": "object", - }, - "logical": false, - "title": "Transaction", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` -{ - "decisionCombiners": { - "DenyOverride": { - "_id": "DenyOverride", - "title": "DenyOverride", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Agent.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "Agent": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "AgentDataStoreDecisionNode", - "collection": true, - "name": "Agent Data Store Decision", + { + "actions": "listPrivileges", + "methods": "action", + "pattern": "privilege", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "privilege/*", + "roles": "*", + }, + { + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/termsAndConditions", + "roles": "*", + }, + { + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/kbaUpdate", + "roles": "*", + }, + { + "actions": "", + "customAuthz": "isMyProfile()", + "methods": "read,query", + "pattern": "profile/*", + "roles": "*", + }, + { + "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled('kba')", + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/openidm-authorized", + }, + { + "customAuthz": "checkIfApiRequest()", + "methods": "read", + "pattern": "*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "excludePatterns": "repo,repo/*", + "methods": "*", + "pattern": "*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "", + "methods": "create,read,update,delete,patch,query", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "methods": "script", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "test,testConfig,createconfiguration,liveSync,authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "command", + "customAuthz": "request.additionalParameters.commandId === 'delete-mapping-links'", + "methods": "action", + "pattern": "repo/link", + "roles": "internal/role/openidm-admin", + }, + { + "methods": "create,read,query,patch", + "pattern": "managed/*", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read,query", + "pattern": "internal/role/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "create,read,action,update", + "pattern": "profile/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/platform-provisioning", }, - }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", - "_outcomes": [ - { - "displayName": "Has Credentials", - "id": "true", - }, - { - "displayName": "No Credentials", - "id": "false", - }, - ], - "_type": { - "_id": "ZeroPageLoginNode", - "collection": true, - "name": "Zero Page Login Collector", + { + "methods": "read", + "pattern": "selfservice/terms", + "roles": "internal/role/platform-provisioning", }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Agent", - "description": "null", - "enabled": true, - "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Agent Data Store Decision", - "nodeType": "AgentDataStoreDecisionNode", - "x": 0, - "y": 0, + { + "actions": "sendTemplate", + "methods": "action", + "pattern": "external/email", + "roles": "internal/role/platform-provisioning", }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "a87ff679-a2f3-371d-9181-a67b7542122c", - }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", - "x": 0, - "y": 0, + { + "actions": "authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/platform-provisioning", }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Example.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "Example": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/openidm-authorized", }, - }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/*", + "roles": "internal/role/openidm-authorized", }, - }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", + { + "actions": "reauthenticate", + "methods": "action", + "pattern": "authentication", + "roles": "internal/role/openidm-authorized", }, - }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", - "_outcomes": [ - { - "displayName": "Has Credentials", - "id": "true", - }, - { - "displayName": "No Credentials", - "id": "false", - }, - ], - "_type": { - "_id": "ZeroPageLoginNode", - "collection": true, - "name": "Zero Page Login Collector", + { + "actions": "bind,unbind", + "customAuthz": "ownDataOnly()", + "methods": "read,action,delete", + "pattern": "*", + "roles": "internal/role/openidm-authorized", }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Example", - "description": "null", - "enabled": true, - "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "connections": { - "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', []) && reauthIfProtectedAttributeChange()", + "methods": "update,patch,action", + "pattern": "*", + "roles": "internal/role/openidm-authorized", }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, + { + "actions": "*", + "methods": "read", + "pattern": "endpoint/getprocessesforuser", + "roles": "internal/role/openidm-authorized", }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "connections": { - "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, + { + "actions": "*", + "methods": "query", + "pattern": "endpoint/gettasksview", + "roles": "internal/role/openidm-authorized", }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "connections": { - "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", - "x": 0, - "y": 0, + { + "actions": "complete", + "customAuthz": "isMyTask()", + "methods": "action", + "pattern": "workflow/taskinstance/*", + "roles": "internal/role/openidm-authorized", }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "Facebook-ProvisionIDMAccount": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialFacebookNode", - "collection": true, - "name": "Social Facebook", + { + "actions": "*", + "customAuthz": "canUpdateTask()", + "methods": "read,update", + "pattern": "workflow/taskinstance/*", + "roles": "internal/role/openidm-authorized", }, - "authenticationIdKey": "id", - "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", - "cfgAccountMapperConfiguration": { - "id": "iplanet-am-user-alias-list", + { + "actions": "*", + "customAuthz": "isAllowedToStartProcess()", + "methods": "create", + "pattern": "workflow/processinstance", + "roles": "internal/role/openidm-authorized", }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "first_name": "givenName", - "id": "iplanet-am-user-alias-list", - "last_name": "sn", - "name": "cn", + { + "actions": "read", + "methods": "*", + "pattern": "workflow/processdefinition/*", + "roles": "internal/role/openidm-authorized", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "facebook", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "public_profile,email", - "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", - "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", - }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ProvisionIdmAccountNode", - "collection": true, - "name": "Provision IDM Account", + { + "customAuthz": "restrictPatchToFields(['password'])", + "methods": "patch", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-cert", }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Facebook-ProvisionIDMAccount", - "description": "null", - "enabled": true, - "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - }, - "displayName": "Facebook Social Authentication", - "nodeType": "SocialFacebookNode", - "x": 0, - "y": 0, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_meta', false)", + "methods": "read", + "pattern": "internal/usermeta/*", + "roles": "internal/role/openidm-authorized", }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Provision IDM Account", - "nodeType": "ProvisionIdmAccountNode", - "x": 0, - "y": 0, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_notifications', true)", + "methods": "read,delete", + "pattern": "internal/notification/*", + "roles": "internal/role/openidm-authorized", }, - }, - "uiConfig": {}, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['idps','_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "deleteNotificationsForTarget", + "customAuthz": "request.additionalParameters.target === (context.security.authorization.component + '/' + context.security.authorization.id)", + "methods": "action", + "pattern": "notification", + "roles": "internal/role/openidm-authorized", + }, + ], }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-AnonymousUser.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "Google-AnonymousUser": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "_id": "1ff1de77-4005-38da-93f4-2943881c655f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, + "apiVersion": { + "_id": "apiVersion", + "warning": { + "enabled": { + "$bool": "&{openidm.apiVersion.warning.enabled|false}", + }, + "includeScripts": { + "$bool": "&{openidm.apiVersion.warning.includeScripts|false}", + }, + "logFilterResourcePaths": [ + "audit", + "authentication", + "cluster", + "config", + "consent", + "csv", + "external/rest", + "identityProviders", + "info", + "internal", + "internal/role", + "internal/user", + "internal/usermeta", + "managed", + "managed/assignment", + "managed/organization", + "managed/role", + "managed/user", + "notification", + "policy", + "privilege", + "profile", + "recon", + "recon/assoc", + "repo", + "selfservice/kba", + "selfservice/terms", + "scheduler/job", + "scheduler/trigger", + "schema", + "sync", + "sync/mappings", + "system", + "taskscanner", ], - "_type": { - "_id": "SetSuccessUrlNode", - "collection": true, - "name": "Success URL", - }, - "successUrl": "https://www.forgerock.com/", }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, + }, + "audit": { + "_id": "audit", + "auditServiceConfig": { + "availableAuditEventHandlers": [ + "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", + "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", + "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", + "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + "caseInsensitiveFields": [ + "/access/http/request/headers", + "/access/http/response/headers", ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", - }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "filterPolicies": { + "field": { + "excludeIf": [], + "includeIf": [], }, - ], - "_type": { - "_id": "AnonymousUserNode", - "collection": true, - "name": "Anonymous User Mapping", }, - "anonymousUserName": "anonymous", + "handlerForQueries": "json", }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-AnonymousUser", - "description": "null", - "enabled": true, - "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "eventHandlers": [ + { + "class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "config": { + "buffering": { + "maxSize": 100000, + "writeInterval": "100 millis", + }, + "enabled": { + "$bool": "&{openidm.audit.handler.json.enabled|true}", + }, + "logDirectory": "&{idm.data.dir}/audit", + "name": "json", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, - "displayName": "Set Success URL", - "nodeType": "SetSuccessUrlNode", - "x": 0, - "y": 0, }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + { + "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.stdout.enabled|false}", + }, + "name": "stdout", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "connections": { - "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + { + "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.repo.enabled|false}", + }, + "name": "repo", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, - "displayName": "Map to Anonymous User", - "nodeType": "AnonymousUserNode", - "x": 0, - "y": 0, }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-DynamicAccountCreation.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "Google-DynamicAccountCreation": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + ], + "eventTopics": { + "access": { + "defaultEvents": true, + "filter": { + "script": { + "globals": {}, + "source": "//seantest", + "type": "groovy", + }, }, - ], - "_type": { - "_id": "ProvisionDynamicAccountNode", - "collection": true, - "name": "Provision Dynamic Account", + "name": "access", }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "activity": { + "defaultEvents": true, + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, - ], - "_type": { - "_id": "CreatePasswordNode", - "collection": true, - "name": "Create Password", + "name": "activity", + "passwordFields": [ + "password", + ], + "watchedFields": [], }, - "minPasswordLength": 0, - }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", + "authentication": { + "defaultEvents": true, + "filter": { + "script": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, }, - ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", + "name": "authentication", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "config": { + "defaultEvents": true, + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", + "name": "config", }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + "recon": { + "defaultEvents": true, + "name": "recon", }, - "emailSubject": { - "en": "Your One Time Password", + "sync": { + "defaultEvents": true, + "name": "sync", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "_outcomes": [ - { - "displayName": "Retry", - "id": "Retry", - }, - { - "displayName": "Reject", - "id": "Reject", - }, - ], - "_type": { - "_id": "RetryLimitDecisionNode", - "collection": true, - "name": "Retry Limit Decision", - }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, + "exceptionFormatter": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", - "_outcomes": [ + }, + "authentication": { + "_id": "authentication", + "serverAuthContext": { + "authModules": [ { - "displayName": "Outcome", - "id": "outcome", + "enabled": true, + "name": "STATIC_USER", + "properties": { + "augmentSecurityContext": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, + "defaultUserRoles": [ + "internal/role/openidm-reg", + ], + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "fzE1J3P9LZOmuCuecCDnaQ==", + "iv": "nhI8UHymNRChGIyOC+5Sag==", + "keySize": 32, + "mac": "XfF7VE/o5Shv6AqW1Xe3TQ==", + "purpose": "idm.config.encryption", + "salt": "v0NHakffrjBJNL3zjhEOtg==", + "stableId": "openidm-sym-default", + }, + }, + }, + "queryOnResource": "internal/user", + "username": "anonymous", + }, }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", - }, - "length": 8, - }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", - "_outcomes": [ { - "displayName": "True", - "id": "true", + "enabled": true, + "name": "STATIC_USER", + "properties": { + "defaultUserRoles": [ + "internal/role/openidm-authorized", + "internal/role/openidm-admin", + ], + "password": "&{openidm.admin.password}", + "queryOnResource": "internal/user", + "username": "openidm-admin", + }, }, { - "displayName": "False", - "id": "false", + "enabled": true, + "name": "MANAGED_USER", + "properties": { + "augmentSecurityContext": { + "source": "var augmentYield = require('auth/customAuthz').setProtectedAttributes(security);require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, 'privileges', 'privilegeAssignments', augmentYield);", + "type": "text/javascript", + }, + "defaultUserRoles": [ + "internal/role/openidm-authorized", + ], + "propertyMapping": { + "additionalUserFields": [ + "adminOfOrg", + "ownerOfOrg", + ], + "authenticationId": "username", + "userCredential": "password", + "userRoles": "authzRoles", + }, + "queryId": "credential-query", + "queryOnResource": "managed/user", + }, }, ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", + "sessionModule": { + "name": "JWT_SESSION", + "properties": { + "enableDynamicRoles": false, + "isHttpOnly": true, + "maxTokenLifeMinutes": 120, + "sessionOnly": true, + "tokenIdleTimeMinutes": 30, + }, }, - "passwordExpiryTime": 5, }, }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-DynamicAccountCreation", - "description": "null", + "cluster": { + "_id": "cluster", "enabled": true, - "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "instanceCheckInInterval": 5000, + "instanceCheckInOffset": 0, + "instanceId": "&{openidm.node.id}", + "instanceRecoveryTimeout": 30000, + "instanceTimeout": 30000, + }, + "endpoint/getavailableuserstoassign": { + "_id": "endpoint/getavailableuserstoassign", + "file": "workflow/getavailableuserstoassign.js", + "type": "text/javascript", + }, + "endpoint/getprocessesforuser": { + "_id": "endpoint/getprocessesforuser", + "file": "workflow/getprocessesforuser.js", + "type": "text/javascript", + }, + "endpoint/gettasksview": { + "_id": "endpoint/gettasksview", + "file": "workflow/gettasksview.js", + "type": "text/javascript", + }, + "endpoint/mappingDetails": { + "_id": "endpoint/mappingDetails", + "context": "endpoint/mappingDetails", + "file": "mappingDetails.js", + "type": "text/javascript", + }, + "endpoint/oauthproxy": { + "_id": "endpoint/oauthproxy", + "context": "endpoint/oauthproxy", + "file": "oauthProxy.js", + "type": "text/javascript", + }, + "endpoint/removeRepoPathFromRelationships": { + "_id": "endpoint/removeRepoPathFromRelationships", + "file": "update/removeRepoPathFromRelationships.js", + "type": "text/javascript", + }, + "endpoint/repairMetadata": { + "_id": "endpoint/repairMetadata", + "file": "meta/metadataScanner.js", + "type": "text/javascript", + }, + "endpoint/updateInternalUserAndInternalRoleEntries": { + "_id": "endpoint/updateInternalUserAndInternalRoleEntries", + "file": "update/updateInternalUserAndInternalRoleEntries.js", + "type": "text/javascript", + }, + "endpoint/validateQueryFilter": { + "_id": "endpoint/validateQueryFilter", + "context": "util/validateQueryFilter", + "source": "try { org.forgerock.openidm.query.StringQueryFilters.parse(request.content._queryFilter).accept(new org.forgerock.util.query.MapFilterVisitor(), null); } catch (e) { throw { 'code' : 400, 'message' : e.message } };", + "type": "text/javascript", + }, + "external.rest": { + "_id": "external.rest", + "hostnameVerifier": "&{openidm.external.rest.hostnameVerifier}", + }, + "internal": { + "_id": "internal", + "objects": [ + { + "name": "role", + "properties": { + "authzMembers": { + "items": { + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + }, + }, }, - "displayName": "Provision Dynamic Account", - "nodeType": "ProvisionDynamicAccountNode", - "x": 0, - "y": 0, }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "connections": { - "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + { + "name": "notification", + "properties": { + "target": { + "reversePropertyName": "_notifications", + }, }, - "displayName": "Create Password", - "nodeType": "CreatePasswordNode", - "x": 0, - "y": 0, }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + ], + }, + "managed": { + "_id": "managed", + "objects": [ + { + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync", }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, - }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "connections": { - "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "name": "user", + "notifications": { + "property": "_notifications", }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 0, - "y": 0, - }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "connections": { - "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", - "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "postDelete": { + "source": "require('postDelete-idp-cleanup').removeConnectedIdpData(oldObject, resourceName, request);require('postDelete-notification-cleanup').removeConnectedNotificationData(oldObject, resourceName, request);", + "type": "text/javascript", }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, - }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "connections": { - "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "sn", + "mail", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "activeDate", + "inactiveDate", + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "policies": [ + { + "params": { + "regexp": "^(active|inactive)$", + }, + "policyId": "regexpMatches", + }, + ], + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "activeDate": { + "description": "Active Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": false, + "title": "Active Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Authorization Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "city": { + "description": "City", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "format": "datetime", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mapping", + "type": "object", + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "country": { + "description": "Country", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "description": { + "description": "Description", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "*", + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments", + ], + [ + "assignments", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles", + ], + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "inactiveDate": { + "description": "Inactive Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": false, + "title": "Inactive Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId", + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string", + }, + "customQuestion": { + "description": "Custom question", + "type": "string", + }, + "questionId": { + "description": "Question ID", + "type": "string", + }, + }, + "required": [], + "title": "KBA Info Items", + "type": "object", + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp", + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "title": "Effective Assignments", + "type": "array", + }, + "timestamp": { + "description": "Timestamp", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "type": "string", + }, + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Manager _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "memberOfOrg", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "password": { + "description": "Password", + "encryption": { + "purpose": "idm.password.encryption", + }, + "isPersonal": false, + "isProtected": true, + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", + }, + { + "params": { + "numCaps": 1, + }, + "policyId": "at-least-X-capitals", + }, + { + "params": { + "numNums": 1, + }, + "policyId": "at-least-X-numbers", + }, + { + "params": { + "disallowedFields": [ + "userName", + "givenName", + "sn", + ], + }, + "policyId": "cannot-contain-others", + }, + ], + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing", + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean", + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean", + }, + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Direct Reports Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "userName": { + "description": "Username", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-username", + }, + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "userName", + "givenName", + "sn", + "mail", + ], + "title": "User", + "type": "object", + "viewable": true, }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 0, - "y": 0, }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "connections": { - "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + { + "name": "role", + "onCreate": { + "globals": {}, + "source": "//asdfasdfadsfasdf", + "type": "text/javascript", }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/HmacOneTimePassword.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "HmacOneTimePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-check-square", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "condition", + "temporalConstraints", + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Assignments Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration", + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string", + }, + }, + "required": [ + "duration", + ], + "title": "Temporal Constraints Items", + "type": "object", + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Role", + "type": "object", }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", }, - "length": 8, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + { + "attributeEncryption": {}, + "name": "assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", + }, + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object", + }, + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string", + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true, + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Assignment Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Assignment", + "type": "object", }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", }, - "passwordExpiryTime": 5, - }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + { + "name": "organization", + "onCreate": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "onRead": { + "globals": {}, + "source": "//seantest", + "type": "groovy", }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", - }, - }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "_id": "98f13708-2101-34c4-b568-7be6106a3b84", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "admins", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members", + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Organization", + "type": "object", }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", - }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", - }, - "emailSubject": { - "en": "Your One Time Password", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", - }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + { + "name": "seantestmanagedobject", + "schema": { + "description": null, + "icon": "fa-database", + "mat-icon": null, + "title": null, }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", }, - }, + ], }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "HmacOneTimePassword", - "description": "null", - "enabled": true, - "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "connections": { - "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", - }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 0, - "y": 0, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 0, - "y": 0, - }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "connections": { - "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, - }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "connections": { - "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 0, - "y": 0, - }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "connections": { - "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "metrics": { + "_id": "metrics", + "enabled": false, }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PersistentCookie.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PersistentCookie": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", - }, - }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SetPersistentCookieNode", - "collection": true, - "name": "Set Persistent Cookie", - }, - "hmacSigningKey": null, - "idleTimeout": 5, - "maxLife": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, - }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "PersistentCookieDecisionNode", - "collection": true, - "name": "Persistent Cookie Decision", + "notification/passwordUpdate": { + "_id": "notification/passwordUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "password", + ], }, - "enforceClientIp": false, - "hmacSigningKey": null, - "idleTimeout": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, + "type": "groovy", }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", - }, + "enabled": { + "$bool": "&{openidm.notifications.passwordUpdate|false}", }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your password has been updated.", + "notificationType": "info", }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PersistentCookie", - "description": "null", - "enabled": true, - "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "connections": { - "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Set Persistent Cookie", - "nodeType": "SetPersistentCookieNode", - "x": 0, - "y": 0, - }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Persistent Cookie Decision", - "nodeType": "PersistentCookieDecisionNode", - "x": 0, - "y": 0, - }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "connections": { - "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, - }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", }, - "uiConfig": {}, }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformForgottenUsername.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformForgottenUsername": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "d82c8d16-19ad-3176-9665-453cfb2e55f0": { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", + "notification/profileUpdate": { + "_id": "notification/profileUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "userName", + "givenName", + "sn", + "mail", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "preferences", + ], }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, + "type": "groovy", + }, + "enabled": { + "$bool": "&{openidm.notifications.profileUpdate|false}", + }, + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your profile has been updated.", + "notificationType": "info", + }, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", }, }, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + "notificationFactory": { + "_id": "notificationFactory", + "enabled": { + "$bool": "&{openidm.notifications|false}", + }, + "threadPool": { + "maxPoolThreads": 2, + "maxQueueSize": 20000, + "steadyPoolThreads": 1, + "threadKeepAlive": 60, + }, + }, + "policy": { + "_id": "policy", + "additionalFiles": [], + "file": "policy.js", + "resources": [ + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getRegistrationProperties()", + "type": "text/javascript", }, - ], - "_type": { - "_id": "InnerTreeEvaluatorNode", - "collection": true, - "name": "Inner Tree Evaluator", + "resource": "selfservice/registration", }, - "tree": "PlatformLogin", - }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getResetProperties()", + "type": "text/javascript", }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", + "resource": "selfservice/reset", }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + { + "properties": [ + { + "name": "_id", + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + }, + { + "name": "password", + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", + }, + ], + }, + ], + "resource": "internal/user/*", }, - "emailTemplateName": "forgottenUsername", - "identityAttribute": "mail", - "objectLookup": true, - }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "_id": "a684ecee-e76f-3522-b732-86a895bc8436", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + }, + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", + }, + ], + }, + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + }, + { + "name": "privileges", + "policies": [ + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "params": { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "string", + ], + }, + "policyId": "valid-type", + }, + ], + }, + { + "name": "path", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "policyId": "valid-privilege-path", + }, + ], + }, + { + "name": "accessFlags", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-accessFlags-object", + }, + ], + }, + { + "name": "actions", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + ], + }, + { + "name": "permissions", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-permissions", + }, + ], + }, + { + "name": "filter", + "policies": [ + { + "params": { + "types": [ + "string", + "null", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-query-filter", + }, + ], + }, + ], + }, + "policyId": "valid-array-items", + }, + ], + }, + ], + "resource": "internal/role/*", }, - "nodes": [ - { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": { - "en": "Enter your email address or Sign in", + { + "properties": [ + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", + }, + ], + }, + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + }, + ], + "resource": "managed/role/*", }, - "pageHeader": { - "en": "Forgotten Username", + { + "properties": [ + { + "name": "objects", + "policies": [ + { + "policyId": "valid-event-scripts", + }, + ], + }, + ], + "resource": "config/managed", }, - "stage": "null", - }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", + ], + "type": "text/javascript", + }, + "privilegeAssignments": { + "_id": "privilegeAssignments", + "privilegeAssignments": [ + { + "name": "ownerPrivileges", + "privileges": [ + "owner-view-update-delete-orgs", + "owner-create-orgs", + "owner-view-update-delete-admins-and-members", + "owner-create-admins", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "ownerOfOrg", }, - "identityAttribute": "mail", - }, + { + "name": "adminPrivileges", + "privileges": [ + "admin-view-update-delete-orgs", + "admin-create-orgs", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "adminOfOrg", + }, + ], }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformForgottenUsername", - "description": "Forgotten Username Tree", - "enabled": true, - "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, + "privileges": { + "_id": "privileges", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "connections": { - "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "connections": { - "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "connections": { - "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/user", + "permissions": [ + "CREATE", + ], }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformLogin.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformLogin": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "642e92ef-b794-3173-8881-b53e1e1b18b6": { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, - "passwordAttribute": "password", - "validateInput": false, - }, - "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/user", + "permissions": [ + "CREATE", + ], }, - "usernameAttribute": "userName", - "validateInput": false, - }, + ], }, - "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "_id": "2838023a-778d-3aec-9c21-2708f721b788", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "process/access": { + "_id": "process/access", + "workflowAccess": [ + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-authorized", }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", }, - "identityAttribute": "userName", - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-admin", }, - ], - "_type": { - "_id": "InnerTreeEvaluatorNode", - "collection": true, - "name": "Inner Tree Evaluator", }, - "tree": "PlatformProgressiveProfile", - }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + ], + }, + "repo.ds": { + "_id": "repo.ds", + "commands": { + "delete-mapping-links": { + "_queryFilter": "/linkType eq "\${mapping}"", + "operation": "DELETE", + }, + "delete-target-ids-for-recon": { + "_queryFilter": "/reconId eq "\${reconId}"", + "operation": "DELETE", }, }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + "embedded": false, + "ldapConnectionFactories": { + "bind": { + "connectionPoolSize": 50, + "connectionSecurity": "startTLS", + "heartBeatIntervalSeconds": 60, + "heartBeatTimeoutMilliSeconds": 10000, + "primaryLdapServers": [ + { + "hostname": "opendj-frodo-dev.classic.com", + "port": 2389, + }, + ], + "secondaryLdapServers": [], }, - "nodes": [ - { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "root": { + "authentication": { + "simple": { + "bindDn": "uid=admin", + "bindPassword": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "lJ/B6T9e9CDKHCN8TxkD4g==", + "iv": "EdrerzwEUUkHG582cLDw5w==", + "keySize": 32, + "mac": "Aty9fXUtl4pexGlHOc+CBg==", + "purpose": "idm.config.encryption", + "salt": "BITSKlnPeT5klcuEZbngzw==", + "stableId": "openidm-sym-default", + }, + }, + }, + }, }, - ], - "pageDescription": { - "en": "New here? Create an account
Forgot username? Forgot password?", - }, - "pageHeader": { - "en": "Sign In", + "inheritFrom": "bind", }, - "stage": "null", }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformLogin", - "description": "Platform Login Tree", - "enabled": true, - "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "connections": { - "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", - }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, + "maxConnectionAttempts": 5, + "resourceMapping": { + "defaultMapping": { + "dnTemplate": "ou=generic,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "2838023a-778d-3aec-9c21-2708f721b788", + "explicitMapping": { + "clusteredrecontargetids": { + "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-recon-clusteredTargetIds", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "reconId": { + "ldapAttribute": "fr-idm-recon-id", + "type": "simple", + }, + "targetIds": { + "ldapAttribute": "fr-idm-recon-targetIds", + "type": "json", + }, + }, }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "connections": { - "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "dsconfig/attributeValue": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-attribute-value-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "matchAttribute": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-match-attribute", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformProgressiveProfile.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformProgressiveProfile": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "dsconfig/characterSet": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-character-set-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "allowUnclassifiedCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-allow-unclassified-characters", + "type": "simple", + }, + "characterSet": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-character-set", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minCharacterSets": { + "ldapAttribute": "ds-cfg-min-character-sets", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "preferences/updates", - "preferences/marketing", - ], - "identityAttribute": "userName", - "required": false, - "validateInputs": false, - }, - }, - "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { - "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", - "_outcomes": [ - { - "displayName": "True", - "id": "true", + "dsconfig/dictionary": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-dictionary-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "dictionaryFile": { + "isRequired": true, + "ldapAttribute": "ds-cfg-dictionary-file", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, }, - { - "displayName": "False", - "id": "false", + "dsconfig/lengthBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-length-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxPasswordLength": { + "ldapAttribute": "ds-cfg-max-password-length", + "type": "simple", + }, + "minPasswordLength": { + "ldapAttribute": "ds-cfg-min-password-length", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "QueryFilterDecisionNode", - "collection": true, - "name": "Query Filter Decision", - }, - "identityAttribute": "userName", - "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", - }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { - "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "dsconfig/passwordPolicies": { + "dnTemplate": "cn=Password Policies,cn=config", + "objectClasses": [ + "ds-cfg-password-policy", + "ds-cfg-authentication-policy", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "defaultPasswordStorageScheme": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-default-password-storage-scheme", + "type": "simple", + }, + "maxPasswordAge": { + "ldapAttribute": "ds-cfg-max-password-age", + "type": "simple", + }, + "passwordAttribute": { + "isRequired": true, + "ldapAttribute": "ds-cfg-password-attribute", + "type": "simple", + }, + "passwordHistoryCount": { + "ldapAttribute": "ds-cfg-password-history-count", + "type": "simple", + }, + "validator": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-password-validator", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "dsconfig/repeatedCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-repeated-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxConsecutiveLength": { + "isRequired": true, + "ldapAttribute": "ds-cfg-max-consecutive-length", + "type": "simple", + }, + }, }, - ], - "pageDescription": {}, - "pageHeader": { - "en": "Please select your preferences", - }, - "stage": "null", - }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { - "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", - "_outcomes": [ - { - "displayName": "True", - "id": "true", + "dsconfig/similarityBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-similarity-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minPasswordDifference": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-password-difference", + "type": "simple", + }, + }, }, - { - "displayName": "False", - "id": "false", + "dsconfig/uniqueCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-unique-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minUniqueCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-unique-characters", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "LoginCountDecisionNode", - "collection": true, - "name": "Login Count Decision", - }, - "amount": 3, - "identityAttribute": "userName", - "interval": "AT", - }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { - "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", + "dsconfig/userDefinedVirtualAttribute": { + "dnTemplate": "cn=Virtual Attributes,cn=config", + "objectClasses": [ + "ds-cfg-user-defined-virtual-attribute", + "ds-cfg-virtual-attribute", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "attributeType": { + "isRequired": true, + "ldapAttribute": "ds-cfg-attribute-type", + "type": "simple", + }, + "baseDn": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-base-dn", + "type": "simple", + }, + "conflictBehavior": { + "ldapAttribute": "ds-cfg-conflict-behavior", + "type": "simple", + }, + "enabled": { + "isRequired": true, + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "filter": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-filter", + "type": "simple", + }, + "groupDn": { + "ldapAttribute": "ds-cfg-group-dn", + "type": "simple", + }, + "javaClass": { + "isRequired": true, + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "scope": { + "ldapAttribute": "ds-cfg-scope", + "type": "simple", + }, + "value": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-value", + "type": "simple", + }, + }, }, - { - "displayName": "Failed", - "id": "FAILURE", + "internal/role": { + "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "fr-idm-internal-role", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "authzMembers": { + "isMultiValued": true, + "propertyName": "authzRoles", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "condition": { + "ldapAttribute": "fr-idm-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "name": { + "ldapAttribute": "fr-idm-name", + "type": "simple", + }, + "privileges": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-privilege", + "type": "json", + }, + "temporalConstraints": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-temporal-constraints", + "type": "json", + }, + }, }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformProgressiveProfile", - "description": "Prompt for missing preferences on 3rd login", - "enabled": true, - "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { - "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "internal/user": { + "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-internal-user", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "password": { + "ldapAttribute": "fr-idm-password", + "type": "json", + }, + }, }, - "displayName": "Query Filter Decision", - "nodeType": "QueryFilterDecisionNode", - "x": 0, - "y": 0, - }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { - "connections": { - "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "link": { + "dnTemplate": "ou=links,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-link", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "firstId": { + "ldapAttribute": "fr-idm-link-firstId", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-link-qualifier", + "type": "simple", + }, + "linkType": { + "ldapAttribute": "fr-idm-link-type", + "type": "simple", + }, + "secondId": { + "ldapAttribute": "fr-idm-link-secondId", + "type": "simple", + }, + }, }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { - "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "locks": { + "dnTemplate": "ou=locks,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-lock", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "nodeId": { + "ldapAttribute": "fr-idm-lock-nodeid", + "type": "simple", + }, + }, }, - "displayName": "Login Count Decision", - "nodeType": "LoginCountDecisionNode", - "x": 0, - "y": 0, - }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "recon/assoc": { + "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "namingStrategy": { + "dnAttribute": "fr-idm-reconassoc-reconid", + "type": "clientDnNaming", + }, + "objectClasses": [ + "fr-idm-reconassoc", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "fr-idm-reconassoc-reconid", + "type": "simple", + }, + "finishTime": { + "ldapAttribute": "fr-idm-reconassoc-finishtime", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "subResources": { + "entry": { + "namingStrategy": { + "dnAttribute": "uid", + "type": "clientDnNaming", + }, + "resource": "recon-assoc-entry", + "type": "collection", + }, + }, }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformRegistration.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformRegistration": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "recon/assoc/entry": { + "objectClasses": [ + "uidObject", + "fr-idm-reconassocentry", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + }, + "action": { + "ldapAttribute": "fr-idm-reconassocentry-action", + "type": "simple", + }, + "ambiguousTargetObjectIds": { + "ldapAttribute": "fr-idm-reconassocentry-ambiguoustargetobjectids", + "type": "simple", + }, + "exception": { + "ldapAttribute": "fr-idm-reconassocentry-exception", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-reconassocentry-linkqualifier", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "message": { + "ldapAttribute": "fr-idm-reconassocentry-message", + "type": "simple", + }, + "messageDetail": { + "ldapAttribute": "fr-idm-reconassocentry-messagedetail", + "type": "simple", + }, + "phase": { + "ldapAttribute": "fr-idm-reconassocentry-phase", + "type": "simple", + }, + "reconId": { + "ldapAttribute": "fr-idm-reconassocentry-reconid", + "type": "simple", + }, + "situation": { + "ldapAttribute": "fr-idm-reconassocentry-situation", + "type": "simple", + }, + "sourceObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-sourceObjectId", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "status": { + "ldapAttribute": "fr-idm-reconassocentry-status", + "type": "simple", + }, + "targetObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-targetObjectId", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "resourceName": "recon-assoc-entry", + "subResourceRouting": [ + { + "prefix": "entry", + "template": "recon/assoc/{reconId}/entry", + }, + ], }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "givenName", - "sn", - "mail", - "preferences/marketing", - "preferences/updates", - ], - "identityAttribute": "userName", - "required": true, - "validateInputs": true, - }, - "1c383cd3-0b7c-398a-b502-93adfecb7b18": { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "sync/queue": { + "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-syncqueue", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "context": { + "ldapAttribute": "fr-idm-syncqueue-context", + "type": "json", + }, + "createDate": { + "ldapAttribute": "fr-idm-syncqueue-createdate", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-syncqueue-mapping", + "type": "simple", + }, + "newObject": { + "ldapAttribute": "fr-idm-syncqueue-newobject", + "type": "json", + }, + "nodeId": { + "ldapAttribute": "fr-idm-syncqueue-nodeid", + "type": "simple", + }, + "objectRev": { + "ldapAttribute": "fr-idm-syncqueue-objectRev", + "type": "simple", + }, + "oldObject": { + "ldapAttribute": "fr-idm-syncqueue-oldobject", + "type": "json", + }, + "resourceCollection": { + "ldapAttribute": "fr-idm-syncqueue-resourcecollection", + "type": "simple", + }, + "resourceId": { + "ldapAttribute": "fr-idm-syncqueue-resourceid", + "type": "simple", + }, + "state": { + "ldapAttribute": "fr-idm-syncqueue-state", + "type": "simple", + }, + "syncAction": { + "ldapAttribute": "fr-idm-syncqueue-syncaction", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", }, - "passwordAttribute": "password", - "validateInput": true, - }, - "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "genericMapping": { + "cluster/*": { + "dnTemplate": "ou=cluster,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-cluster-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", + "objectClasses": [ + "uidObject", + "fr-idm-cluster-obj", + ], }, - ], - "_type": { - "_id": "AcceptTermsAndConditionsNode", - "collection": true, - "name": "Accept Terms and Conditions", - }, - }, - "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "config": { + "dnTemplate": "ou=config,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "KbaCreateNode", - "collection": true, - "name": "KBA Definition", - }, - "allowUserDefinedQuestions": true, - "message": { - "en": "Select a security question", - }, - }, - "e369853d-f766-3a44-a1ed-0ff613f563bd": { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "file": { + "dnTemplate": "ou=file,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": true, - }, - }, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "import": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", - }, - "identityAttribute": "userName", - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", - "_outcomes": [ - { - "displayName": "Created", - "id": "CREATED", + "import/*": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - { - "displayName": "Failed", - "id": "FAILURE", + "internal/notification": { + "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-notification-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-notification", + ], + "properties": { + "target": { + "propertyName": "_notifications", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, }, - ], - "_type": { - "_id": "CreateObjectNode", - "collection": true, - "name": "Create Object", - }, - "identityResource": "managed/user", - }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "internal/usermeta": { + "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", + "jsonstorage": { + "dnTemplate": "ou=jsonstorage,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "managed/*": { + "dnTemplate": "ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "managed/assignment": { + "dnTemplate": "ou=assignment,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-assignment-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-assignment", + ], + "properties": { + "condition": { + "ldapAttribute": "fr-idm-assignment-condition", + "type": "simple", + }, + "members": { + "isMultiValued": true, + "propertyName": "assignments", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "propertyName": "assignments", + "resourcePath": "managed/role", + "type": "reverseReference", + }, + }, }, - { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "displayName": "KBA Definition", - "nodeType": "KbaCreateNode", + "managed/organization": { + "dnTemplate": "ou=organization,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + ], + "properties": { + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/organization", + "type": "reverseReference", + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple", + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + }, }, - { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "displayName": "Accept Terms and Conditions", - "nodeType": "AcceptTermsAndConditionsNode", + "managed/role": { + "dnTemplate": "ou=role,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role", + ], + "properties": { + "assignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-role-assignments", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", + }, + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, }, - ], - "pageDescription": { - "en": "Signing up is fast and easy.
Already have an account?Sign In", - }, - "pageHeader": { - "en": "Sign Up", - }, - "stage": "null", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformRegistration", - "description": "Platform Registration Tree", - "enabled": true, - "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "managed/user": { + "dnTemplate": "ou=user,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-user-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedUser", + "objectClasses": [ + "uidObject", + "fr-idm-managed-user", + ], + "properties": { + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "internal/usermeta", + "type": "reference", + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference", + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "assignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-assignment-member", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference", + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/user", + "type": "reference", + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "passwordExpirationTime": { + "ldapAttribute": "pwdExpirationTime", + "type": "simple", + "writability": "readOnlyDiscardWrites", + }, + "passwordLastChangedTime": { + "ldapAttribute": "pwdChangedTime", + "type": "simple", + "writability": "readOnlyDiscardWrites", + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/role", + "type": "reference", + }, + }, }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "connections": { - "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "reconprogressstate": { + "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "displayName": "Create Object", - "nodeType": "CreateObjectNode", - "x": 0, - "y": 0, - }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "connections": { - "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "relationships": { + "dnTemplate": "ou=relationships,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-relationship-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", + "objectClasses": [ + "uidObject", + "fr-idm-relationship", + ], }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformResetPassword.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformResetPassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "44f683a8-4163-3352-bafe-57c2e008bc8c": { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "scheduler": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - "66f041e1-6a60-328b-85a7-e228a89c3799": { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "scheduler/*": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "ui/*": { + "dnTemplate": "ou=ui,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "updates": { + "dnTemplate": "ou=updates,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, + }, + "rest2LdapOptions": { + "mvccAttribute": "etag", + "readOnUpdatePolicy": "controls", + "returnNullForMissingProperties": true, + "useMvcc": true, + "usePermissiveModify": true, + "useSubtreeDelete": false, + }, + "security": { + "fileBasedTrustManagerFile": "&{idm.install.dir}/security/truststore", + "fileBasedTrustManagerPasswordFile": "&{idm.install.dir}/security/storepass", + "fileBasedTrustManagerType": "JKS", + "trustManager": "file", }, }, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", - "_outcomes": [ + "repo.init": { + "_id": "repo.init", + "insert": { + "internal/role": [ { - "displayName": "Outcome", - "id": "outcome", + "description": "Administrative access", + "id": "openidm-admin", + "name": "openidm-admin", }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "description": "Basic minimum user", + "id": "openidm-authorized", + "name": "openidm-authorized", }, - ], - "pageDescription": { - "en": "Change password", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "_id": "072b030b-a126-32f4-b237-4f342be9ed44", - "_outcomes": [ { - "displayName": "True", - "id": "true", + "description": "Anonymous access", + "id": "openidm-reg", + "name": "openidm-reg", }, { - "displayName": "False", - "id": "false", + "description": "Authenticated via certificate", + "id": "openidm-cert", + "name": "openidm-cert", }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", - }, - "identifier": "userName", - "identityAttribute": "mail", - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "description": "Allowed to reassign workflow tasks", + "id": "openidm-tasks-manager", + "name": "openidm-tasks-manager", }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "description": "Platform provisioning access", + "id": "platform-provisioning", + "name": "platform-provisioning", }, ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", - }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "_outcomes": [ + "internal/user": [ { - "displayName": "Outcome", - "id": "outcome", + "id": "openidm-admin", + "password": "&{openidm.admin.password}", }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", - }, - "emailTemplateName": "resetPassword", - "identityAttribute": "mail", - "objectLookup": true, - }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - "_outcomes": [ { - "displayName": "Patched", - "id": "PATCHED", + "id": "anonymous", + "password": "anonymous", }, { - "displayName": "Failed", - "id": "FAILURE", + "id": "idm-provisioning", + }, + { + "id": "connector-server-client", }, ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "mail", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, }, }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformResetPassword", - "description": "Reset Password Tree", - "enabled": true, - "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "connections": { - "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "connections": { - "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "connections": { - "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "connections": { - "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "router": { + "_id": "router", + "filters": [ + { + "methods": [ + "create", + "update", + ], + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, + "pattern": "^(managed|internal)($|(/.+))", }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + { + "methods": [ + "update", + ], + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, + "pattern": "^config/managed$", }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformUpdatePassword.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformUpdatePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "735b90b4-5681-35ed-ac3f-678819b6e058": { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + { + "condition": { + "source": "(context.caller.external === true) && (typeof context.privilege === 'undefined' || Object.keys(context.privilege.matchingPrivileges).length === 0)", + "type": "text/javascript", }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, - "7cbbc409-ec99-3f19-878c-75bd1e06f215": { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "onResponse": { + "source": "require('relationshipFilter').filterResponse()", + "type": "text/javascript", }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", + "pattern": "^(managed|internal)($|(/.+))", }, - "passwordAttribute": "password", - "validateInput": true, - }, + ], }, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + "schedule/seantest": { + "_id": "schedule/seantest", + "concurrentExecution": false, + "enabled": false, + "endTime": null, + "invokeContext": { + "script": { + "globals": {}, + "source": "//sean has changed this script. Let's see if it is still working. qqqqqqqqqqqqqqSchedule1 +", + "type": "text/javascript", }, }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - "_outcomes": [ - { - "displayName": "True", - "id": "true", + "invokeLogLevel": "info", + "invokeService": "script", + "misfirePolicy": "fireAndProceed", + "persisted": true, + "recoverable": false, + "repeatCount": 0, + "repeatInterval": 0, + "schedule": null, + "startTime": null, + "type": "simple", + }, + "schedule/taskscan_activate": { + "_id": "schedule/taskscan_activate", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/activeDate le "\${Time.nowWithOffset}") AND (!(/inactiveDate pr) or /inactiveDate ge "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", }, - { - "displayName": "False", - "id": "false", + "taskState": { + "completed": "/activateAccount/task-completed", + "started": "/activateAccount/task-started", }, - ], - "_type": { - "_id": "AttributePresentDecisionNode", - "collection": true, - "name": "Attribute Present Decision", }, - "identityAttribute": "userName", - "presentAttribute": "password", - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "active" }]; + +logger.debug("Performing Activate Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", }, - "emailTemplateName": "updatePassword", - "identityAttribute": "userName", - "objectLookup": true, + "waitForCompletion": false, }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", + }, + "schedule/taskscan_expire": { + "_id": "schedule/taskscan_expire", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/inactiveDate lt "\${Time.nowWithOffset}") AND (!(/activeDate pr) or /activeDate le "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "taskState": { + "completed": "/expireAccount/task-completed", + "started": "/expireAccount/task-started", }, - ], - "pageDescription": { - "en": "Enter current password", - }, - "pageHeader": { - "en": "Verify Existing Password", }, - "stage": "null", - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "inactive" }]; + +logger.debug("Performing Expire Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [ - "userName", - ], - "patchAsObject": true, + "waitForCompletion": false, }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter new password", - }, - "pageHeader": { - "en": "Update Password", + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", + }, + "scheduler": { + "_id": "scheduler", + "scheduler": { + "executePersistentSchedules": { + "$bool": "&{openidm.scheduler.execute.persistent.schedules}", }, - "stage": "null", }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SessionDataNode", - "collection": true, - "name": "Get Session Data", - }, - "sessionDataKey": "UserToken", - "sharedStateKey": "userName", + "threadPool": { + "threadCount": 10, }, }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformUpdatePassword", - "description": "Update password using active session", - "enabled": true, - "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "connections": { - "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", - }, - "displayName": "Attribute Present Decision", - "nodeType": "AttributePresentDecisionNode", - "x": 0, - "y": 0, - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "connections": { - "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "connections": { - "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "script": { + "ECMAScript": { + "javascript.optimization.level": 9, + "javascript.recompile.minimumInterval": 60000, + }, + "Groovy": { + "#groovy.disabled.global.ast.transformations": "", + "#groovy.errors.tolerance": 10, + "#groovy.output.debug": false, + "#groovy.output.verbose": false, + "#groovy.script.base": "#any class extends groovy.lang.Script", + "#groovy.script.extension": ".groovy", + "#groovy.target.bytecode": "1.8", + "#groovy.target.directory": "&{idm.data.dir}/classes", + "#groovy.target.indy": true, + "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", + "groovy.classpath": "&{idm.install.dir}/lib", + "groovy.recompile": true, + "groovy.recompile.minimumInterval": 60000, + "groovy.source.encoding": "UTF-8", + }, + "_id": "script", + "properties": {}, + "sources": { + "default": { + "directory": "&{idm.install.dir}/bin/defaults/script", }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, + "install": { + "directory": "&{idm.install.dir}", }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "connections": { - "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "project": { + "directory": "&{idm.instance.dir}", }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "connections": { - "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - }, - "displayName": "Get Session Data", - "nodeType": "SessionDataNode", - "x": 0, - "y": 0, + "project-script": { + "directory": "&{idm.instance.dir}/script", }, }, - "uiConfig": {}, }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/RetryLimit.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "RetryLimit": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", - }, - }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", - "_outcomes": [ - { - "displayName": "Retry", - "id": "Retry", - }, - { - "displayName": "Reject", - "id": "Reject", + "secrets": { + "_id": "secrets", + "stores": [ + { + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", + "config": { + "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", + "mappings": [ + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.default", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.config.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.password.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.https.keystore.cert.alias|openidm-localhost}", + ], + "secretId": "idm.jwt.session.module.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", + ], + "secretId": "idm.jwt.session.module.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "selfservice", + ], + "secretId": "idm.selfservice.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", + ], + "secretId": "idm.selfservice.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.assignment.attribute.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + ], + "providerName": "&{openidm.keystore.provider|SunJCE}", + "storePassword": "&{openidm.keystore.password|changeit}", + "storetype": "&{openidm.keystore.type|JCEKS}", }, - ], - "_type": { - "_id": "RetryLimitDecisionNode", - "collection": true, - "name": "Retry Limit Decision", + "name": "mainKeyStore", }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, - }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + { + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", + "config": { + "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", + "mappings": [], + "providerName": "&{openidm.truststore.provider|SUN}", + "storePassword": "&{openidm.truststore.password|changeit}", + "storetype": "&{openidm.truststore.type|JKS}", }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + "name": "mainTrustStore", }, - }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + ], + }, + "selfservice.kba": { + "_id": "selfservice.kba", + "kbaPropertyName": "kbaInfo", + "minimumAnswersToDefine": 2, + "minimumAnswersToVerify": 1, + "questions": { + "1": { + "en": "What's your favorite color?", + "en_GB": "What is your favourite colour?", + "fr": "Quelle est votre couleur préférée?", }, - }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AccountLockoutNode", - "collection": true, - "name": "Account Lockout", + "2": { + "en": "Who was your first employer?", }, - "lockAction": "LOCK", }, }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "RetryLimit", - "description": "null", - "enabled": true, - "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "connections": { - "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, + "selfservice.propertymap": { + "_id": "selfservice.propertymap", + "properties": [ + { + "source": "givenName", + "target": "givenName", }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "connections": { - "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", - "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, + { + "source": "familyName", + "target": "sn", }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "connections": { - "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, + { + "source": "email", + "target": "mail", }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "connections": { - "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, + { + "condition": "/object/postalAddress pr", + "source": "postalAddress", + "target": "postalAddress", }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "connections": { - "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", - }, - "displayName": "Account Lockout", - "nodeType": "AccountLockoutNode", - "x": 0, - "y": 0, + { + "condition": "/object/addressLocality pr", + "source": "addressLocality", + "target": "city", }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Test-Tree.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "Test Tree": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "0254ab35-daea-40db-9a53-44fc06715e48": { - "_id": "0254ab35-daea-40db-9a53-44fc06715e48", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + { + "condition": "/object/addressRegion pr", + "source": "addressRegion", + "target": "stateProvince", }, - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Test Tree", - "enabled": true, - "entryNodeId": "0254ab35-daea-40db-9a53-44fc06715e48", - "innerTreeOnly": false, - "nodes": { - "0254ab35-daea-40db-9a53-44fc06715e48": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 150, - "y": 20, + { + "condition": "/object/postalCode pr", + "source": "postalCode", + "target": "postalCode", }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 447, - "y": 49, + { + "condition": "/object/country pr", + "source": "country", + "target": "country", }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 577, - "y": 71, + { + "condition": "/object/phone pr", + "source": "phone", + "target": "telephoneNumber", }, - "startNode": { - "x": 50, - "y": 25, + { + "source": "username", + "target": "userName", }, + ], + }, + "selfservice.terms": { + "_id": "selfservice.terms", + "active": "0.0", + "uiConfig": { + "buttonText": "Accept", + "displayName": "We've updated our terms", + "purpose": "You must accept the updated terms in order to proceed.", }, - "uiConfig": {}, + "versions": [ + { + "createDate": "2019-10-28T04:20:11.320Z", + "termsTranslations": { + "en": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.", + }, + "version": "0.0", + }, + ], }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/policyset/oauth2Scopes.policyset.json 1`] = ` -{ - "meta": Any, - "policyset": { - "oauth2Scopes": { - "applicationType": "iPlanetAMWebAgentService", - "attributeNames": [], - "conditions": [ - "Script", - "AMIdentityMembership", - "IPv6", - "SimpleTime", - "IPv4", - "LEAuthLevel", - "LDAPFilter", - "AuthScheme", - "Session", - "AND", - "AuthenticateToRealm", - "ResourceEnvIP", - "SessionProperty", - "OAuth2Scope", - "OR", - "Transaction", - "NOT", - "AuthLevel", - "AuthenticateToService", - ], - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1578580064992, - "description": "The built-in Application used by the OAuth2 scope authorization process.", - "displayName": "Default OAuth2 Scopes Policy Set", - "editable": true, - "entitlementCombiner": "DenyOverride", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509790191, - "name": "oauth2Scopes", - "resourceComparator": null, - "resourceTypeUuids": [ - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - ], - "saveIndex": null, - "searchIndex": null, - "subjects": [ - "AuthenticatedUsers", - "NOT", - "Identity", - "OR", - "AND", - "NONE", - "JwtClaim", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { - "actions": { - "GRANT": true, + "servletfilter/cors": { + "_id": "servletfilter/cors", + "filterClass": "org.eclipse.jetty.ee10.servlets.CrossOriginFilter", + "initParams": { + "allowCredentials": true, + "allowedHeaders": "accept,x-openidm-password,x-openidm-nosession,x-openidm-username,content-type,origin,x-requested-with", + "allowedMethods": "GET,POST,PUT,DELETE,PATCH", + "allowedOrigins": "https://localhost:&{openidm.port.https}", + "chainPreflight": false, + }, + "urlPatterns": [ + "/*", + ], }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030586, - "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509790156, - "name": "OAuth2 Scope", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - "*", - ], - "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/URL.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, + "servletfilter/payload": { + "_id": "servletfilter/payload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", + "initParams": { + "maxRequestSizeInMegabytes": 5, + }, + "urlPatterns": [ + "&{openidm.servlet.alias}/*", + ], }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030487, - "description": "The built-in URL Resource Type available to OpenAM Policies.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509790171, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-keystore.secretstore.json 1`] = ` -{ - "meta": Any, - "secretstore": { - "default-keystore": { - "_id": "default-keystore", - "_type": { - "_id": "KeyStoreSecretStore", - "collection": true, - "name": "Keystore", + "servletfilter/upload": { + "_id": "servletfilter/upload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", + "initParams": { + "maxRequestSizeInMegabytes": 50, + }, + "urlPatterns": [ + "&{openidm.servlet.upload.alias}/*", + ], }, - "file": "/home/prestonhales/am/security/keystores/keystore.jceks", - "keyEntryPassword": "entrypass", - "leaseExpiryDuration": 5, - "mappings": [], - "providerName": "SunJCE", - "storePassword": "storepass", - "storetype": "JCEKS", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-passwords-store.secretstore.json 1`] = ` -{ - "meta": Any, - "secretstore": { - "default-passwords-store": { - "_id": "default-passwords-store", - "_type": { - "_id": "FileSystemSecretStore", - "collection": true, - "name": "File System Secret Volumes", + "ui.context/admin": { + "_id": "ui.context/admin", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/admin/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/admin/extension", + "responseHeaders": { + "X-Frame-Options": "SAMEORIGIN", + }, + "urlContextRoot": "/admin", }, - "directory": "/home/prestonhales/am/security/secrets/encrypted", - "format": "ENCRYPTED_PLAIN", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/SocialIdentityProviders.service.json 1`] = ` -{ - "meta": Any, - "service": { - "SocialIdentityProviders": { - "_id": "", - "_type": { - "_id": "SocialIdentityProviders", - "collection": false, - "name": "Social Identity Provider Service", + "ui.context/api": { + "_id": "ui.context/api", + "authEnabled": true, + "cacheEnabled": false, + "defaultDir": "&{idm.install.dir}/ui/api/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/api/extension", + "urlContextRoot": "/api", }, - "enabled": true, - "location": "/first/second", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/id-repositories.service.json 1`] = ` -{ - "meta": Any, - "service": { - "id-repositories": { - "_id": "", - "_type": { - "_id": "id-repositories", - "collection": false, - "name": "sunIdentityRepositoryService", + "ui.context/enduser": { + "_id": "ui.context/enduser", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/enduser", + "enabled": true, + "responseHeaders": { + "X-Frame-Options": "DENY", + }, + "urlContextRoot": "/", }, - "location": "/first/second", - "nextDescendents": [ - { - "_id": "embedded", - "_type": { - "_id": "LDAPv3ForOpenDS", - "collection": true, - "name": "OpenDJ", - }, - "authentication": { - "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", - }, - "cachecontrol": { - "sun-idrepo-ldapv3-dncache-enabled": true, - "sun-idrepo-ldapv3-dncache-size": 1500, - }, - "errorhandling": { - "com.iplanet.am.ldap.connection.delay.between.retries": 1000, - }, - "groupconfig": { - "sun-idrepo-ldapv3-config-group-attributes": [ - "dn", - "cn", - "uniqueMember", - "objectclass", - ], - "sun-idrepo-ldapv3-config-group-container-name": "ou", - "sun-idrepo-ldapv3-config-group-container-value": "groups", - "sun-idrepo-ldapv3-config-group-objectclass": [ - "top", - "groupofuniquenames", - ], - "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", - "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", - "sun-idrepo-ldapv3-config-memberurl": "memberUrl", - "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", - }, - "ldapsettings": { - "openam-idrepo-ldapv3-affinity-level": "all", - "openam-idrepo-ldapv3-behera-support-enabled": true, - "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, - "openam-idrepo-ldapv3-heartbeat-interval": 10, - "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", - "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", - "openam-idrepo-ldapv3-mtls-enabled": false, - "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, - "openam-idrepo-ldapv3-proxied-auth-enabled": false, - "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", - "sun-idrepo-ldapv3-config-authpw": null, - "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", - "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, - "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, - "sun-idrepo-ldapv3-config-ldap-server": [ - "localhost:50636", - "localhost:50636|01", - ], - "sun-idrepo-ldapv3-config-max-result": 1000, - "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", - "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-time-limit": 10, - "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + "ui.context/oauth": { + "_id": "ui.context/oauth", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/oauth/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/oauth/extension", + "urlContextRoot": "/oauthReturn", + }, + "ui/configuration": { + "_id": "ui/configuration", + "configuration": { + "defaultNotificationType": "info", + "forgotUsername": false, + "lang": "en", + "notificationTypes": { + "error": { + "iconPath": "images/notifications/error.png", + "name": "common.notification.types.error", + }, + "info": { + "iconPath": "images/notifications/info.png", + "name": "common.notification.types.info", + }, + "warning": { + "iconPath": "images/notifications/warning.png", + "name": "common.notification.types.warning", + }, }, - "persistentsearch": { - "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", - "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + "passwordReset": false, + "passwordResetLink": "", + "roles": { + "internal/role/openidm-admin": "ui-admin", + "internal/role/openidm-authorized": "ui-user", }, - "pluginconfig": { - "sunIdRepoAttributeMapping": [], - "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", - "sunIdRepoSupportedOperations": [ - "realm=read,create,edit,delete,service", - "user=read,create,edit,delete,service", - "group=read,create,edit,delete", + "selfRegistration": false, + }, + }, + "ui/dashboard": { + "_id": "ui/dashboard", + "adminDashboards": [ + { + "isDefault": true, + "name": "Quick Start", + "widgets": [ + { + "cards": [ + { + "href": "#connectors/add/", + "icon": "fa-database", + "name": "Add Connector", + }, + { + "href": "#mapping/add/", + "icon": "fa-map-marker", + "name": "Create Mapping", + }, + { + "href": "#resource/managed/role/list/", + "icon": "fa-check-square-o", + "name": "Manage Roles", + }, + { + "href": "#managed/add/", + "icon": "fa-tablet", + "name": "Add Device", + }, + { + "href": "#selfservice/userregistration/", + "icon": "fa-gear", + "name": "Configure Registration", + }, + { + "href": "#selfservice/passwordreset/", + "icon": "fa-gear", + "name": "Configure Password Reset", + }, + { + "href": "#resource/managed/user/list/", + "icon": "fa-user", + "name": "Manage Users", + }, + { + "href": "#settings/", + "icon": "fa-user", + "name": "Configure System Preferences", + }, + ], + "size": "large", + "type": "quickStart", + }, ], }, - "userconfig": { - "sun-idrepo-ldapv3-config-active": "Active", - "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ - "kbaInfoAttempts", - ], - "sun-idrepo-ldapv3-config-auth-kba-attr": [ - "kbaInfo", - ], - "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", - "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ - "cn", - "sn", - ], - "sun-idrepo-ldapv3-config-inactive": "Inactive", - "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", - "sun-idrepo-ldapv3-config-people-container-name": "ou", - "sun-idrepo-ldapv3-config-people-container-value": "people", - "sun-idrepo-ldapv3-config-user-attributes": [ - "iplanet-am-auth-configuration", - "iplanet-am-user-alias-list", - "iplanet-am-user-password-reset-question-answer", - "mail", - "assignedDashboard", - "authorityRevocationList", - "dn", - "iplanet-am-user-password-reset-options", - "employeeNumber", - "createTimestamp", - "kbaActiveIndex", - "caCertificate", - "iplanet-am-session-quota-limit", - "iplanet-am-user-auth-config", - "sun-fm-saml2-nameid-infokey", - "sunIdentityMSISDNNumber", - "iplanet-am-user-password-reset-force-reset", - "sunAMAuthInvalidAttemptsData", - "devicePrintProfiles", - "givenName", - "iplanet-am-session-get-valid-sessions", - "objectClass", - "adminRole", - "inetUserHttpURL", - "lastEmailSent", - "iplanet-am-user-account-life", - "postalAddress", - "userCertificate", - "preferredtimezone", - "iplanet-am-user-admin-start-dn", - "boundDevices", - "oath2faEnabled", - "preferredlanguage", - "sun-fm-saml2-nameid-info", - "userPassword", - "iplanet-am-session-service-status", - "telephoneNumber", - "iplanet-am-session-max-idle-time", - "distinguishedName", - "iplanet-am-session-destroy-sessions", - "kbaInfoAttempts", - "modifyTimestamp", - "uid", - "iplanet-am-user-success-url", - "iplanet-am-user-auth-modules", - "kbaInfo", - "memberOf", - "sn", - "preferredLocale", - "manager", - "iplanet-am-session-max-session-time", - "deviceProfiles", - "cn", - "oathDeviceProfiles", - "webauthnDeviceProfiles", - "iplanet-am-user-login-status", - "pushDeviceProfiles", - "push2faEnabled", - "inetUserStatus", - "retryLimitNodeCount", - "iplanet-am-user-failure-url", - "iplanet-am-session-max-caching-time", - ], - "sun-idrepo-ldapv3-config-user-objectclass": [ - "iplanet-am-managed-person", - "inetuser", - "sunFMSAML2NameIdentifier", - "inetorgperson", - "devicePrintProfilesContainer", - "boundDevicesContainer", - "iplanet-am-user-service", - "iPlanetPreferences", - "pushDeviceProfilesContainer", - "forgerock-am-dashboard-service", - "organizationalperson", - "top", - "kbaInfoContainer", - "person", - "sunAMAuthAccountLockout", - "oathDeviceProfilesContainer", - "webauthnDeviceProfilesContainer", - "iplanet-am-auth-configuration-service", - "deviceProfilesContainer", + { + "isDefault": false, + "name": "System Monitoring", + "widgets": [ + { + "legendRange": { + "month": [ + 500, + 2500, + 5000, + ], + "week": [ + 10, + 30, + 90, + 270, + 810, + ], + "year": [ + 10000, + 40000, + 100000, + 250000, + ], + }, + "maxRange": "#24423c", + "minRange": "#b0d4cd", + "size": "large", + "type": "audit", + }, + { + "size": "large", + "type": "clusterStatus", + }, + { + "size": "large", + "type": "systemHealthFull", + }, + { + "barchart": "false", + "size": "large", + "type": "lastRecon", + }, + ], + }, + { + "isDefault": false, + "name": "Resource Report", + "widgets": [ + { + "selected": "activeUsers", + "size": "x-small", + "type": "counter", + }, + { + "selected": "rolesEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "activeConnectors", + "size": "x-small", + "type": "counter", + }, + { + "size": "large", + "type": "resourceList", + }, + ], + }, + { + "isDefault": false, + "name": "Business Report", + "widgets": [ + { + "graphType": "fa-pie-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "signIns", + "widgetTitle": "Sign-Ins", + }, + { + "graphType": "fa-bar-chart", + "size": "x-small", + "type": "passwordResets", + "widgetTitle": "Password Resets", + }, + { + "graphType": "fa-line-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "newRegistrations", + "widgetTitle": "New Registrations", + }, + { + "size": "x-small", + "timezone": { + "hours": "07", + "minutes": "00", + "negative": true, + }, + "type": "socialLogin", + }, + { + "selected": "socialEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "manualRegistrations", + "size": "x-small", + "type": "counter", + }, + ], + }, + { + "isDefault": false, + "name": "seantestdashboard", + "widgets": [ + { + "size": "large", + "type": "resourceList", + }, ], - "sun-idrepo-ldapv3-config-users-search-attribute": "uid", - "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", }, - }, - ], - "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", - "sunIdRepoAttributeValidator": [ - "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", - "minimumPasswordLength=8", - "usernameInvalidChars=*|(|)|&|!", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/oauth-oidc.service.json 1`] = ` -{ - "meta": Any, - "service": { - "oauth-oidc": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": false, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:token-exchange", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "changeme", - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "[Empty]", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - ], - "supportedScopes": [], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": false, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", ], + "dashboard": { + "widgets": [ + { + "size": "large", + "type": "Welcome", + }, + ], + }, }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", + "ui/profile": { + "_id": "ui/profile", + "tabs": [ + { + "name": "personalInfoTab", + "view": "org/forgerock/openidm/ui/user/profile/personalInfo/PersonalInfoTab", + }, + { + "name": "signInAndSecurity", + "view": "org/forgerock/openidm/ui/user/profile/signInAndSecurity/SignInAndSecurityTab", + }, + { + "name": "preference", + "view": "org/forgerock/openidm/ui/user/profile/PreferencesTab", + }, + { + "name": "trustedDevice", + "view": "org/forgerock/openidm/ui/user/profile/TrustedDevicesTab", + }, + { + "name": "oauthApplication", + "view": "org/forgerock/openidm/ui/user/profile/OauthApplicationsTab", + }, + { + "name": "privacyAndConsent", + "view": "org/forgerock/openidm/ui/user/profile/PrivacyAndConsentTab", + }, + { + "name": "sharing", + "view": "org/forgerock/openidm/ui/user/profile/uma/SharingTab", + }, + { + "name": "auditHistory", + "view": "org/forgerock/openidm/ui/user/profile/uma/ActivityTab", + }, + { + "name": "accountControls", + "view": "org/forgerock/openidm/ui/user/profile/accountControls/AccountControlsTab", + }, ], }, - "consent": { - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", + "ui/themeconfig": { + "_id": "ui/themeconfig", + "icon": "favicon.ico", + "path": "", + "settings": { + "footer": { + "mailto": "info@pingidentity.com", + }, + "loginLogo": { + "alt": "Ping Identity", + "height": "120px", + "src": "images/login-logo-dark.png", + "title": "Ping Identity", + "width": "120px", + }, + "logo": { + "alt": "Ping Identity", + "src": "images/logo-horizontal-white.png", + "title": "Ping Identity", + }, + }, + "stylesheets": [ + "css/bootstrap-3.4.1-custom.css", + "css/structure.css", + "css/theme.css", ], }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "usePolicyEngineForScope": false, + "webserver": { + "_id": "webserver", + "gzip": { + "enabled": true, + "includedMethods": [ + "GET", + ], + }, + "maxThreads": { + "$int": "&{openidm.webserver.max.threads|&{org.ops4j.pax.web.server.maxThreads|200}}", + }, }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": false, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], + "webserver.listener/http": { + "_id": "webserver.listener/http", + "enabled": { + "$bool": "&{openidm.http.enabled|true}", + }, + "port": { + "$int": "&{openidm.port.http|8080}", + }, }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, + "webserver.listener/https": { + "_id": "webserver.listener/https", + "enabled": { + "$bool": "&{openidm.https.enabled|true}", + }, + "port": { + "$int": "&{openidm.port.https|8443}", + }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", }, - "location": "/first/second", - "nextDescendents": [], - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + "webserver.listener/mutualAuth": { + "_id": "webserver.listener/mutualAuth", + "enabled": { + "$bool": "&{openidm.mutualauth.enabled|true}", + }, + "mutualAuth": true, + "port": { + "$int": "&{openidm.port.mutualauth|8444}", + }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", }, }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/policyconfiguration.service.json 1`] = ` -{ - "meta": Any, - "service": { - "policyconfiguration": { - "_id": "", - "_type": { - "_id": "policyconfiguration", - "collection": false, - "name": "Policy Configuration", + "internalRole": { + "openidm-admin": { + "_id": "openidm-admin", + "condition": null, + "description": "Administrative access", + "name": "openidm-admin", + "privileges": [], + "temporalConstraints": [], }, - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "checkIfResourceTypeExists": true, - "connectionPoolMaximumSize": 10, - "connectionPoolMinimumSize": 1, - "ldapServer": [ - "localhost:50636", - ], - "location": "/first/second", - "maximumSearchResults": 100, - "mtlsEnabled": false, - "nextDescendents": [], - "policyHeartbeatInterval": 10, - "policyHeartbeatTimeUnit": "SECONDS", - "realmSearchFilter": "(objectclass=sunismanagedorganization)", - "searchTimeout": 5, - "sslEnabled": true, - "subjectsResultTTL": 10, - "userAliasEnabled": false, - "usersBaseDn": "dc=openam,dc=forgerock,dc=org", - "usersSearchAttribute": "uid", - "usersSearchFilter": "(objectclass=inetorgperson)", - "usersSearchScope": "SCOPE_SUB", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectAttributes/undefined.subjectAttributes.json 1`] = ` -{ - "meta": Any, - "subjectAttributes": { - "undefined": "iplanet-am-user-login-status", - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AND.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "subjects": { - "type": "array", - }, - }, - "type": "object", + "openidm-authorized": { + "_id": "openidm-authorized", + "condition": null, + "description": "Basic minimum user", + "name": "openidm-authorized", + "privileges": [], + "temporalConstraints": [], }, - "logical": true, - "title": "AND", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AuthenticatedUsers": { - "_id": "AuthenticatedUsers", - "config": { - "properties": {}, - "type": "object", + "openidm-cert": { + "_id": "openidm-cert", + "condition": null, + "description": "Authenticated via certificate", + "name": "openidm-cert", + "privileges": [], + "temporalConstraints": [], + }, + "openidm-reg": { + "_id": "openidm-reg", + "condition": null, + "description": "Anonymous access", + "name": "openidm-reg", + "privileges": [], + "temporalConstraints": [], + }, + "openidm-tasks-manager": { + "_id": "openidm-tasks-manager", + "condition": null, + "description": "Allowed to reassign workflow tasks", + "name": "openidm-tasks-manager", + "privileges": [], + "temporalConstraints": [], + }, + "platform-provisioning": { + "_id": "platform-provisioning", + "condition": null, + "description": "Platform provisioning access", + "name": "platform-provisioning", + "privileges": [], + "temporalConstraints": [], }, - "logical": false, - "title": "AuthenticatedUsers", }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Identity.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Identity": { - "_id": "Identity", - "config": { - "properties": { - "subjectValues": { - "items": { - "type": "string", + "mapping": { + "mapping/mappingtest": { + "_id": "mapping/mappingtest", + "consentRequired": false, + "displayName": "mappingtest", + "icon": null, + "name": "mappingtest", + "policies": [ + { + "action": { + "globals": {}, + "source": "//asdfasdf", + "type": "text/javascript", }, - "type": "array", + "situation": "AMBIGUOUS", }, - }, - "type": "object", - }, - "logical": false, - "title": "Identity", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "JwtClaim": { - "_id": "JwtClaim", - "config": { - "properties": { - "claimName": { - "type": "string", + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", }, - "claimValue": { - "type": "string", + { + "action": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "groovy", + }, + "situation": "MISSING", }, - }, - "type": "object", - }, - "logical": false, - "title": "JwtClaim", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NONE.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NONE": { - "_id": "NONE", - "config": { - "properties": {}, - "type": "object", - }, - "logical": false, - "title": "NONE", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NOT.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "subject": { - "properties": {}, - "type": "object", + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", }, - }, - "type": "object", - }, - "logical": true, - "title": "NOT", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/OR.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "subjects": { - "type": "array", + { + "action": "ASYNC", + "situation": "UNQUALIFIED", }, - }, - "type": "object", + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "source": "managed/assignment", + "target": "managed/organization", }, - "logical": true, - "title": "OR", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Policy.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", + "mapping/seantestmapping": { + "_id": "mapping/seantestmapping", + "consentRequired": false, + "displayName": "seantestmapping", + "icon": null, + "name": "seantestmapping", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", }, - "name": { - "type": "string", + { + "action": "ASYNC", + "situation": "ALL_GONE", }, - "values": { - "items": { - "type": "string", - }, - "type": "array", + { + "action": "ASYNC", + "situation": "AMBIGUOUS", }, - }, - "type": "object", + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/assignment", + "target": "managed/organization", }, - "logical": false, - "title": "Policy", }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/webhookService/webhooks.webhookService.json 1`] = ` -{ - "meta": Any, - "webhookService": { - "webhooks": { - "_id": "webhooks", - "_type": { - "_id": "webhooks", - "collection": true, - "name": "Webhook Service", - }, - "headers": { - "accept": "*/*", - }, + "server": null, + "sync": { + "_id": "sync", + "mappings": [ + { + "_id": "sync/managedOrganization_managedRole", + "consentRequired": false, + "displayName": "managedOrganization_managedRole", + "icon": null, + "name": "managedOrganization_managedRole", + "policies": [ + { + "action": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, + "situation": "AMBIGUOUS", + }, + { + "action": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, + "condition": { + "globals": {}, + "source": "//seantest", + "type": "text/javascript", + }, + "situation": "SOURCE_MISSING", + }, + { + "action": { + "globals": {}, + "source": "//seantest", + "type": "groovy", + }, + "postAction": { + "globals": {}, + "source": "//seantest", + "type": "groovy", + }, + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "source": "managed/organization", + "syncAfter": [], + "target": "managed/role", + }, + { + "_id": "sync/managedOrganization_managedSeantestmanagedobject", + "consentRequired": false, + "displayName": "managedOrganization_managedSeantestmanagedobject", + "icon": null, + "name": "managedOrganization_managedSeantestmanagedobject", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/organization", + "syncAfter": [ + "managedOrganization_managedRole", + ], + "target": "managed/seantestmanagedobject", + }, + { + "_id": "sync/managedAssignment_managedUser", + "consentRequired": false, + "displayName": "managedAssignment_managedUser", + "icon": null, + "name": "managedAssignment_managedUser", + "policies": [ + { + "action": { + "globals": {}, + "source": "//asdfasdf", + "type": "groovy", + }, + "situation": "AMBIGUOUS", + }, + { + "action": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "text/javascript", + }, + "condition": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "groovy", + }, + "postAction": { + "globals": {}, + "source": "//asdfasdf", + "type": "text/javascript", + }, + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": { + "globals": {}, + "source": "//asdfasdfasdf", + "type": "text/javascript", + }, + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + ], + "properties": [], + "source": "managed/assignment", + "syncAfter": [ + "managedOrganization_managedRole", + "managedOrganization_managedSeantestmanagedobject", + ], + "target": "managed/user", + }, + { + "_id": "sync/seantestmapping", + "consentRequired": false, + "displayName": "seantestmapping", + "icon": null, + "name": "seantestmapping", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/assignment", + "syncAfter": [ + "managedOrganization_managedRole", + "managedOrganization_managedSeantestmanagedobject", + "managedAssignment_managedUser", + ], + "target": "managed/organization", + }, + { + "_id": "sync/managedSeantestmanagedobject_managedUser", + "consentRequired": false, + "displayName": "managedSeantestmanagedobject_managedUser", + "icon": null, + "name": "managedSeantestmanagedobject_managedUser", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/seantestmanagedobject", + "syncAfter": [ + "managedOrganization_managedRole", + "managedOrganization_managedSeantestmanagedobject", + "managedAssignment_managedUser", + "seantestmapping", + ], + "target": "managed/user", + }, + ], }, }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/wsEntity/ws.wsEntity.json 1`] = ` -{ "meta": Any, - "wsEntity": { - "ws": { - "_id": "ws", - "_type": { - "_id": "ws", - "collection": true, - "name": "Entity Descriptor ", - }, - }, - }, + "realm": {}, } `; @@ -479839,8 +492809,703 @@ return identity }, "identityAttribute": "userName", "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + "x": 0, + "y": 0, + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + "x": 0, + "y": 0, + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, + }, + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + "x": 0, + "y": 0, + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", }, }, "saml2Entities": {}, @@ -479848,43 +493513,52 @@ return identity "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformProgressiveProfile", - "description": "Prompt for missing preferences on 3rd login", + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", "enabled": true, - "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", }, - "displayName": "Query Filter Decision", - "nodeType": "QueryFilterDecisionNode", + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", "x": 0, "y": 0, }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { "connections": { - "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", "x": 0, "y": 0, }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", }, - "displayName": "Login Count Decision", - "nodeType": "LoginCountDecisionNode", + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", "x": 0, "y": 0, }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { "connections": { "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", @@ -479894,56 +493568,35 @@ return identity "x": 0, "y": 0, }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + "x": 0, + "y": 0, + }, }, "uiConfig": {}, }, }, - "PlatformRegistration": { + "RetryLimit": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "givenName", - "sn", - "mail", - "preferences/marketing", - "preferences/updates", - ], - "identityAttribute": "userName", - "required": true, - "validateInputs": true, - }, - "1c383cd3-0b7c-398a-b502-93adfecb7b18": { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", "_outcomes": [ { "displayName": "Outcome", @@ -479951,49 +493604,33 @@ return identity }, ], "_type": { - "_id": "AcceptTermsAndConditionsNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "Accept Terms and Conditions", + "name": "Username Collector", }, }, - "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Retry", + "id": "Retry", }, - ], - "_type": { - "_id": "KbaCreateNode", - "collection": true, - "name": "KBA Definition", - }, - "allowUserDefinedQuestions": true, - "message": { - "en": "Select a security question", - }, - }, - "e369853d-f766-3a44-a1ed-0ff613f563bd": { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Reject", + "id": "Reject", }, ], "_type": { - "_id": "ValidatedUsernameNode", + "_id": "RetryLimitDecisionNode", "collection": true, - "name": "Platform Username", + "name": "Retry Limit Decision", }, - "usernameAttribute": "userName", - "validateInput": true, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, }, - }, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", "_outcomes": [ { "displayName": "Outcome", @@ -480001,33 +493638,31 @@ return identity }, ], "_type": { - "_id": "IncrementLoginCountNode", + "_id": "PasswordCollectorNode", "collection": true, - "name": "Increment Login Count", + "name": "Password Collector", }, - "identityAttribute": "userName", }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", "_outcomes": [ { - "displayName": "Created", - "id": "CREATED", + "displayName": "True", + "id": "true", }, { - "displayName": "Failed", - "id": "FAILURE", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "CreateObjectNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Create Object", + "name": "Data Store Decision", }, - "identityResource": "managed/user", }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", "_outcomes": [ { "displayName": "Outcome", @@ -480035,44 +493670,11 @@ return identity }, ], "_type": { - "_id": "PageNode", + "_id": "AccountLockoutNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "displayName": "KBA Definition", - "nodeType": "KbaCreateNode", - }, - { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "displayName": "Accept Terms and Conditions", - "nodeType": "AcceptTermsAndConditionsNode", - }, - ], - "pageDescription": { - "en": "Signing up is fast and easy.
Already have an account?Sign In", - }, - "pageHeader": { - "en": "Sign Up", + "name": "Account Lockout", }, - "stage": "null", + "lockAction": "LOCK", }, }, "saml2Entities": {}, @@ -480080,38 +493682,57 @@ return identity "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformRegistration", - "description": "Platform Registration Tree", + "_id": "RetryLimit", + "description": "null", "enabled": true, - "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", "x": 0, "y": 0, }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { "connections": { - "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", }, - "displayName": "Create Object", - "nodeType": "CreateObjectNode", + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", "x": 0, "y": 0, }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { "connections": { - "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", "x": 0, "y": 0, }, @@ -480119,922 +493740,3162 @@ return identity "uiConfig": {}, }, }, - "PlatformResetPassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "44f683a8-4163-3352-bafe-57c2e008bc8c": { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - "66f041e1-6a60-328b-85a7-e228a89c3799": { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, - }, - }, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Change password", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "_id": "072b030b-a126-32f4-b237-4f342be9ed44", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", - }, - "identifier": "userName", - "identityAttribute": "mail", - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", - }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", - }, - "emailTemplateName": "resetPassword", - "identityAttribute": "mail", - "objectLookup": true, - }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "mail", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformResetPassword", - "description": "Reset Password Tree", - "enabled": true, - "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "connections": { - "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "connections": { - "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "connections": { - "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "connections": { - "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, - }, + }, + "trustedJwtIssuer": {}, + "webhookService": { + "webhooks": { + "_id": "webhooks", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "headers": { + "accept": "*/*", + }, + }, + }, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, + }, + "root-first-second": { + "agent": {}, + "agentGroup": {}, + "application": {}, + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": true, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, + "idp": {}, + "policy": {}, + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790191, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", + ], + }, + }, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790171, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790156, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, + "saml": { + "cot": {}, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, + "script": { + "01e1a3c0-038b-4c16-956a-6c9d89328cff": { + "_id": "01e1a3c0-038b-4c16-956a-6c9d89328cff", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for a scripted decision node", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Authentication Tree Decision Node Script", + "script": "/* + - Data made available by nodes that have already executed are available in the sharedState variable. + - The script should set outcome to either "true" or "false". + */ + +outcome = "true"; +", + }, + "1244e639-4a31-401d-ab61-d75133d8dc9e": { + "_id": "1244e639-4a31-401d-ab61-d75133d8dc9e", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Normalizes raw profile data from Instagram", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Instagram Profile Normalization", + "script": "/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.id), + field("username", rawProfile.username))) +", + }, + "13e3f263-9cd3-4844-8d1c-040fd0dd02eb": { + "_id": "13e3f263-9cd3-4844-8d1c-040fd0dd02eb", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script template for Device Profile Match decision node script for Authentication Tree", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Device Profile Match Template - Decision Node Script", + "script": "/* + * Copyright 2020-2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/** ****************************************************************** + * + * The following script is a simplified template for understanding + * the basics of device matching. _This is not functionally complete._ + * For a functionally complete script as well as a development toolkit, + * visit https://github.com/ForgeRock/forgerock-device-match-script. + * + * Global node variables accessible within this scope: + * 1. \`sharedState\` provides access to incoming request + * 2. \`deviceProfilesDao\` provides access to stored profiles + * 3. \`outcome\` variable maps to auth tree node outcomes; values are + * 'true', 'false', or 'unknownDevice' (notice _all_ are strings). + * ******************************************************************/ + +/** + * Get the incoming request's device profile. + * Returns serialized JSON (type string); parsing this will result a + * native JS object. + */ +var incomingJson = sharedState.get('forgeRock.device.profile').toString(); +var incoming = JSON.parse(incomingJson); + +/** + * Get the incoming user's username and realm. + * Notice the use of \`.asString()\`. + */ +var username = sharedState.get("username").asString(); +var realm = sharedState.get("realm").asString(); + +/** + * Get the user's stored profiles for appropriate realm. + * Returns a _special_ object with methods for profile data + */ +var storedProfiles = deviceProfilesDao.getDeviceProfiles(username, realm); + +// Default to \`outcome\` of 'unknownDevice' +outcome = 'unknownDevice'; + +if (storedProfiles) { + var i = 0; + // NOTE: \`.size()\` method returns the number of stored profiles + var len = storedProfiles.size(); + + for (i; i < len; i++) { + /** + * Get the stored profile. + * Returns serialized JSON (type string); parsing this will result + * a native JS object. + */ + var storedJson = storedProfiles.get(i); + var stored = JSON.parse(storedJson); + + /** + * Find a stored profile with the same identifier. + */ + if (incoming.identifier === stored.identifier) { + + /** + * Now that you've found the appropriate profile, you will perform + * the logic here to match the values of the \`incoming\` profile + * with that of the \`stored\` profile. + * + * The result of the matching logic is assigned to \`outcome\`. Since + * we have profiles of the same identifier, the value (type string) + * should now be either 'true' or 'false' (properties matched or not). + * + * For more information about this topic, visit this Github repo: + * https://github.com/ForgeRock/forgerock-device-match-script + */ + outcome = 'false'; + } + } +} +", + }, + "157298c0-7d31-4059-a95b-eeb08473b7e5": { + "_id": "157298c0-7d31-4059-a95b-eeb08473b7e5", + "context": "AUTHENTICATION_CLIENT_SIDE", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for client side Device Id (Match) Authentication Module", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Device Id (Match) - Client Side", + "script": "var fontDetector = (function () { + /** + * JavaScript code to detect available availability of a + * particular font in a browser using JavaScript and CSS. + * + * Author : Lalit Patel + * Website: http://www.lalit.org/lab/javascript-css-font-detect/ + * License: Apache Software License 2.0 + * http://www.apache.org/licenses/LICENSE-2.0 + * Version: 0.15 (21 Sep 2009) + * Changed comparision font to default from sans-default-default, + * as in FF3.0 font of child element didn't fallback + * to parent element if the font is missing. + * Version: 0.2 (04 Mar 2012) + * Comparing font against all the 3 generic font families ie, + * 'monospace', 'sans-serif' and 'sans'. If it doesn't match all 3 + * then that font is 100% not available in the system + * Version: 0.3 (24 Mar 2012) + * Replaced sans with serif in the list of baseFonts + */ + /* + * Portions Copyrighted 2013 ForgeRock AS. + */ + var detector = {}, baseFonts, testString, testSize, h, s, defaultWidth = {}, defaultHeight = {}, index; + + // a font will be compared against all the three default fonts. + // and if it doesn't match all 3 then that font is not available. + baseFonts = ['monospace', 'sans-serif', 'serif']; + + //we use m or w because these two characters take up the maximum width. + // And we use a LLi so that the same matching fonts can get separated + testString = "mmmmmmmmmmlli"; + + //we test using 72px font size, we may use any size. I guess larger the better. + testSize = '72px'; + + h = document.getElementsByTagName("body")[0]; + + // create a SPAN in the document to get the width of the text we use to test + s = document.createElement("span"); + s.style.fontSize = testSize; + s.innerHTML = testString; + for (index in baseFonts) { + //get the default width for the three base fonts + s.style.fontFamily = baseFonts[index]; + h.appendChild(s); + defaultWidth[baseFonts[index]] = s.offsetWidth; //width for the default font + defaultHeight[baseFonts[index]] = s.offsetHeight; //height for the defualt font + h.removeChild(s); + } + + detector.detect = function(font) { + var detected = false, index, matched; + for (index in baseFonts) { + s.style.fontFamily = font + ',' + baseFonts[index]; // name of the font along with the base font for fallback. + h.appendChild(s); + matched = (s.offsetWidth !== defaultWidth[baseFonts[index]] || s.offsetHeight !== defaultHeight[baseFonts[index]]); + h.removeChild(s); + detected = detected || matched; + } + return detected; + }; + + return detector; +}()); +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved + * + * The contents of this file are subject to the terms + * of the Common Development and Distribution License + * (the License). You may not use this file except in + * compliance with the License. + * + * You can obtain a copy of the License at + * https://opensso.dev.java.net/public/CDDLv1.0.html or + * opensso/legal/CDDLv1.0.txt + * See the License for the specific language governing + * permission and limitations under the License. + * + * When distributing Covered Code, include this CDDL + * Header Notice in each file and include the License file + * at opensso/legal/CDDLv1.0.txt. + * If applicable, add the following below the CDDL Header, + * with the fields enclosed by brackets [] replaced by + * your own identifying information: + * "Portions Copyrighted [year] [name of copyright owner]" + * + */ +/* + * Portions Copyrighted 2013 Syntegrity. + * Portions Copyrighted 2013-2014 ForgeRock AS. + */ + +var collectScreenInfo = function () { + var screenInfo = {}; + if (screen) { + if (screen.width) { + screenInfo.screenWidth = screen.width; + } + + if (screen.height) { + screenInfo.screenHeight = screen.height; + } + + if (screen.pixelDepth) { + screenInfo.screenColourDepth = screen.pixelDepth; + } + } else { + console.warn("Cannot collect screen information. screen is not defined."); + } + return screenInfo; + }, + collectTimezoneInfo = function () { + var timezoneInfo = {}, offset = new Date().getTimezoneOffset(); + + if (offset) { + timezoneInfo.timezone = offset; + } else { + console.warn("Cannot collect timezone information. timezone is not defined."); + } + + return timezoneInfo; + }, + collectBrowserPluginsInfo = function () { + + if (navigator && navigator.plugins) { + var pluginsInfo = {}, i, plugins = navigator.plugins; + pluginsInfo.installedPlugins = ""; + + for (i = 0; i < plugins.length; i++) { + pluginsInfo.installedPlugins = pluginsInfo.installedPlugins + plugins[i].filename + ";"; + } + + return pluginsInfo; + } else { + console.warn("Cannot collect browser plugin information. navigator.plugins is not defined."); + return {}; + } + + }, +// Getting geolocation takes some time and is done asynchronously, hence need a callback which is called once geolocation is retrieved. + collectGeolocationInfo = function (callback) { + var geolocationInfo = {}, + successCallback = function(position) { + geolocationInfo.longitude = position.coords.longitude; + geolocationInfo.latitude = position.coords.latitude; + callback(geolocationInfo); + }, errorCallback = function(error) { + console.warn("Cannot collect geolocation information. " + error.code + ": " + error.message); + callback(geolocationInfo); + }; + if (navigator && navigator.geolocation) { + // NB: If user chooses 'Not now' on Firefox neither callback gets called + // https://bugzilla.mozilla.org/show_bug.cgi?id=675533 + navigator.geolocation.getCurrentPosition(successCallback, errorCallback); + } else { + console.warn("Cannot collect geolocation information. navigator.geolocation is not defined."); + callback(geolocationInfo); + } + }, + collectBrowserFontsInfo = function () { + var fontsInfo = {}, i, fontsList = ["cursive","monospace","serif","sans-serif","fantasy","default","Arial","Arial Black", + "Arial Narrow","Arial Rounded MT Bold","Bookman Old Style","Bradley Hand ITC","Century","Century Gothic", + "Comic Sans MS","Courier","Courier New","Georgia","Gentium","Impact","King","Lucida Console","Lalit", + "Modena","Monotype Corsiva","Papyrus","Tahoma","TeX","Times","Times New Roman","Trebuchet MS","Verdana", + "Verona"]; + fontsInfo.installedFonts = ""; + + for (i = 0; i < fontsList.length; i++) { + if (fontDetector.detect(fontsList[i])) { + fontsInfo.installedFonts = fontsInfo.installedFonts + fontsList[i] + ";"; + } + } + return fontsInfo; + }, + devicePrint = {}; + +devicePrint.screen = collectScreenInfo(); +devicePrint.timezone = collectTimezoneInfo(); +devicePrint.plugins = collectBrowserPluginsInfo(); +devicePrint.fonts = collectBrowserFontsInfo(); + +if (navigator.userAgent) { + devicePrint.userAgent = navigator.userAgent; +} +if (navigator.appName) { + devicePrint.appName = navigator.appName; +} +if (navigator.appCodeName) { + devicePrint.appCodeName = navigator.appCodeName; +} +if (navigator.appVersion) { + devicePrint.appVersion = navigator.appVersion; +} +if (navigator.appMinorVersion) { + devicePrint.appMinorVersion = navigator.appMinorVersion; +} +if (navigator.buildID) { + devicePrint.buildID = navigator.buildID; +} +if (navigator.platform) { + devicePrint.platform = navigator.platform; +} +if (navigator.cpuClass) { + devicePrint.cpuClass = navigator.cpuClass; +} +if (navigator.oscpu) { + devicePrint.oscpu = navigator.oscpu; +} +if (navigator.product) { + devicePrint.product = navigator.product; +} +if (navigator.productSub) { + devicePrint.productSub = navigator.productSub; +} +if (navigator.vendor) { + devicePrint.vendor = navigator.vendor; +} +if (navigator.vendorSub) { + devicePrint.vendorSub = navigator.vendorSub; +} +if (navigator.language) { + devicePrint.language = navigator.language; +} +if (navigator.userLanguage) { + devicePrint.userLanguage = navigator.userLanguage; +} +if (navigator.browserLanguage) { + devicePrint.browserLanguage = navigator.browserLanguage; +} +if (navigator.systemLanguage) { + devicePrint.systemLanguage = navigator.systemLanguage; +} + +// Attempt to collect geo-location information and return this with the data collected so far. +// Otherwise, if geo-location fails or takes longer than 30 seconds, auto-submit the data collected so far. +autoSubmitDelay = 30000; +output.value = JSON.stringify(devicePrint); +collectGeolocationInfo(function(geolocationInfo) { + devicePrint.geolocation = geolocationInfo; + output.value = JSON.stringify(devicePrint); + submit(); +}); +", + }, + "1d475815-72cb-42eb-aafd-4026989d28a7": { + "_id": "1d475815-72cb-42eb-aafd-4026989d28a7", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for Social Identity Provider Profile Transformation", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Social Identity Provider Profile Transformation Script", + "script": "/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* Default Social Identity Provider Profile Transformation script to use as a template for new scripts */ +", + }, + "248b8a56-df81-4b1b-b4ba-45d994f6504c": { + "_id": "248b8a56-df81-4b1b-b4ba-45d994f6504c", + "context": "SAML2_IDP_ADAPTER", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for SAML2 IDP Adapter", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "SAML2 IDP Adapter Script", + "script": "/* + * Copyright 2021-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * The script has these top level functions that could be executed during a SAML2 flow. + * - preSingleSignOn + * - preAuthentication + * - preSendResponse + * - preSignResponse + * - preSendFailureResponse + * + * Please see the javadoc for the interface definition and more information about these methods. + * https://backstage.forgerock.com/docs/am/7.3/_attachments/apidocs/com/sun/identity/saml2/plugins/SAML2IdentityProviderAdapter.html + * Note that the initialize method is not supported in the scripts. + * + * Defined variables. Check the documentation on the respective functions for the variables available to it. + * + * hostedEntityId - String + * Entity ID for the hosted IDP + * realm - String + * Realm of the hosted IDP + * idpAdapterScriptHelper - IdpAdapterScriptHelper (1) + * An instance of IdpAdapterScriptHelper containing helper methods. See Javadoc for more details. + * request - HttpServletRequest (2) + * Servlet request object + * response - HttpServletResponse (3) + * Servlet response object + * authnRequest - AuthnRequest (4) + * The original authentication request sent from SP + * reqId - String + * The id to use for continuation of processing if the adapter redirects + * res - Response (5) + * The SAML Response + * session - SSOToken (6) + * The single sign-on session. The reference type of this is Object and would need to be casted to SSOToken. + * relayState - String + * The relayState that will be used in the redirect + * faultCode - String + * the fault code that will be returned in the SAML response + * faultDetail - String + * the fault detail that will be returned in the SAML response + * logger - Logger instance + * https://backstage.forgerock.com/docs/am/7.3/scripting-guide/scripting-api-global-logger.html. + * Corresponding log files will be prefixed with: scripts.