From 640e13d0771b9451cc7df5ddef796fcc45e9b4e8 Mon Sep 17 00:00:00 2001 From: Sean Koo Date: Mon, 5 May 2025 13:51:06 -0600 Subject: [PATCH 1/9] changes for idm --- object.js | 379 ++++++++++++++++++++++++ src/cli/app/app-delete.ts | 2 +- src/cli/app/app-describe.ts | 2 +- src/cli/app/app-export.ts | 2 +- src/cli/app/app-import.ts | 2 +- src/cli/app/app-list.ts | 2 +- src/cli/authz/authz-policy-delete.ts | 9 +- src/cli/authz/authz-policy-describe.ts | 5 +- src/cli/authz/authz-policy-export.ts | 13 +- src/cli/authz/authz-policy-import.ts | 11 +- src/cli/authz/authz-policy-list.ts | 7 +- src/cli/authz/authz-policy.ts | 2 +- src/cli/authz/authz-set-delete.ts | 7 +- src/cli/authz/authz-set-describe.ts | 5 +- src/cli/authz/authz-set-export.ts | 9 +- src/cli/authz/authz-set-import.ts | 11 +- src/cli/authz/authz-set-list.ts | 5 +- src/cli/authz/authz-type-delete.ts | 9 +- src/cli/authz/authz-type-describe.ts | 7 +- src/cli/authz/authz-type-export.ts | 11 +- src/cli/authz/authz-type-import.ts | 13 +- src/cli/authz/authz-type-list.ts | 5 +- src/cli/config/config-export.ts | 59 ++-- src/cli/config/config-import.ts | 38 +-- src/cli/conn/conn-save.ts | 2 +- src/cli/email/email-template-export.ts | 2 +- src/cli/email/email-template-import.ts | 2 +- src/cli/email/email-template-list.ts | 2 +- src/cli/idm/idm-count.ts | 2 +- src/cli/idm/idm-delete.ts | 3 +- src/cli/idm/idm-export.ts | 2 +- src/cli/idm/idm-import.ts | 2 +- src/cli/idm/idm-list.ts | 2 +- src/cli/idm/idm-schema-object-export.ts | 2 +- src/cli/idm/idm-schema-object-import.ts | 2 +- src/cli/idp/idp-delete.ts | 5 +- src/cli/idp/idp-export.ts | 9 +- src/cli/idp/idp-import.ts | 11 +- src/cli/idp/idp-list.ts | 5 +- src/cli/journey/journey-delete.ts | 7 +- src/cli/journey/journey-describe.ts | 5 +- src/cli/journey/journey-disable.ts | 5 +- src/cli/journey/journey-enable.ts | 5 +- src/cli/journey/journey-export.ts | 10 +- src/cli/journey/journey-import.ts | 11 +- src/cli/journey/journey-list.ts | 5 +- src/cli/journey/journey-prune.ts | 5 +- src/cli/mapping/mapping-delete.ts | 2 +- src/cli/mapping/mapping-export.ts | 2 +- src/cli/mapping/mapping-import.ts | 2 +- src/cli/mapping/mapping-list.ts | 2 +- src/cli/mapping/mapping-rename.ts | 2 +- src/cli/oauth/oauth-client-delete.ts | 6 +- src/cli/oauth/oauth-client-describe.ts | 5 +- src/cli/oauth/oauth-client-export.ts | 10 +- src/cli/oauth/oauth-client-import.ts | 12 +- src/cli/oauth/oauth-client-list.ts | 6 +- src/cli/promote/promote.ts | 2 +- src/cli/role/role-delete.ts | 3 +- src/cli/role/role-describe.ts | 3 +- src/cli/role/role-export.ts | 3 +- src/cli/role/role-import.ts | 3 +- src/cli/role/role-list.ts | 3 +- src/cli/saml/saml-cot-export.ts | 11 +- src/cli/saml/saml-cot-import.ts | 12 +- src/cli/saml/saml-cot-list.ts | 6 +- src/cli/saml/saml-delete.ts | 8 +- src/cli/saml/saml-describe.ts | 6 +- src/cli/saml/saml-export.ts | 10 +- src/cli/saml/saml-import.ts | 12 +- src/cli/saml/saml-list.ts | 6 +- src/cli/saml/saml-metadata-export.ts | 6 +- src/cli/script/script-delete.ts | 10 +- src/cli/script/script-describe.ts | 6 +- src/cli/script/script-export.ts | 12 +- src/cli/script/script-import.ts | 8 +- src/cli/script/script-list.ts | 6 +- src/cli/service/service-delete.ts | 7 +- src/cli/service/service-export.ts | 10 +- src/cli/service/service-import.ts | 12 +- src/cli/service/service-list.ts | 6 +- src/cli/theme/theme-delete.ts | 2 +- src/cli/theme/theme-export.ts | 2 +- src/cli/theme/theme-import.ts | 2 +- src/cli/theme/theme-list.ts | 2 +- src/ops/ApplicationOps.ts | 1 + src/ops/ConfigOps.ts | 3 + src/ops/ThemeOps.ts | 2 + ~/temp/Connections.json | 1 + 89 files changed, 712 insertions(+), 244 deletions(-) create mode 100644 object.js create mode 100644 ~/temp/Connections.json diff --git a/object.js b/object.js new file mode 100644 index 000000000..7bb991d8a --- /dev/null +++ b/object.js @@ -0,0 +1,379 @@ +{ + status: 200, + statusText: 'OK', + headers: Object [AxiosHeaders] { + date: 'Mon, 28 Apr 2025 16:04:58 GMT', + 'cache-control': 'no-store', + 'content-api-version': 'protocol=2.1,resource=1.0', + 'content-security-policy': "default-src 'none';frame-ancestors 'none';sandbox", + 'content-type': 'application/json;charset=utf-8', + 'cross-origin-opener-policy': 'same-origin', + 'cross-origin-resource-policy': 'same-origin', + expires: '0', + pragma: 'no-cache', + 'set-cookie': [ + 'session-jwt=eyJ0eXAiOiJKV1QiLCJraWQiOiJvcGVuaWRtLWp3dHNlc3Npb25obWFjLWtleSIsImN0eSI6IkpXVCIsImFsZyI6IkhTMjU2In0.ZXlKMGVYQWlPaUpLVjFRaUxDSnJhV1FpT2lKdmNHVnVhV1J0TFd4dlkyRnNhRzl6ZENJc0ltVnVZeUk2SWtFeE1qaERRa010U0ZNeU5UWWlMQ0poYkdjaU9pSlNVMEV4WHpVaWZRLlBPY0hseWtra05oeUswZ0tzOFdBSjhCNWxiVjBDX1BEOVlKUXUwYXNVaTlKRVR2bi1CbnF2QnYtVldVTUtlQ2Vkcjh6NGR4RVphR1lLRGViT2lIVy1GbGtBY2JzZDYyYjBfSS1ObWZyYTNQRF9PMWwwM3NBbm9kNDdxRVpGVHJRenR2aW1HcXFpVEFGT0dNd3g3SF85VV9tSFN0a2g3XzVjdmMxTFI5d2MtZjdRVmpPRHVnTTJOY242ZVFydEpVZ3dnLXVtQTVDSXZ6NEZNamQ1MWhST19HQnZqcXZyMUV1YVBCMTU2NHBGME9OeTh4M1pkSHktUWpBa21ENDJ2VURKQjJ3UnV1V0FKVllkZG15TE8wY2N1S1BiUWRLb0xraFhCRG9Pb0NnZmpxNmh1TjhYOV9FdVRtSHlZRENueDhONnEwZkFvLUZVdkJZYkRSejZnSXZMdy41OGtsMENnU0c2cFRnTmVpSV9fOS1nLlVYSlcyTmx0T2VmX0NGQUdJaDU4MThsQjl1bnU3S1hjcVlpUjFkOFVUWlVJOGE4WlRHcWFzVGxldDh4Si1iamphN2Q0cVlfajkyTS1HZk11UTNBQzdUM25KMzREd3BMVDV0S2M0TlV2cnRYUmwzdndhY1Nkb2Y3eFo5YW93VDJzR0M4VG9WcFdrai1iNWM4alV6Snh6RGdjMnd3S2xVTVVNLUVNbmJ6Z01KUV9UYU1kVjhWLWh1REh2ZGJHcHpjUWRTWXI2UW5lVU1XdnBkU1J5WGJYMXNuUWZlaFpIM2NQam85TjF6bEo4cXkwR085akUzbXZrYWMyVzBNbWJqSi04ZnVjR1JXR2RWTFVUWGZueVItUE9LOGFpc3FZR3AzTnAxNW1ZZ3lna3FEbWE2eVNWVGJvQTVQX0NVcFU1VzlaQTdkN0hYdlVCWFVnWm5XR2FkNmZEcVVlTzJWUEFvOHpIdUswMDFwYVFVd1hMWGxWTEx0eXZCS2w0a1J0RGtQUnN5OHdyR2U2QkRkV3lteGxoYVVONEU2cms0eVI0S1VrTWNjT3NXd0FsMXd2WndiTVhUaFd5cHl1NG80S0NqTUlfRHN5TzhlZkNZMUFUVXNXNVZuZzZUU0tVRXVYalV5Q0xMc0E3bTUtU2oyOEhramhVbEVPRURqZ3lJS0M5dTZ2VTMwbXMyeHpsYzlINzZmUHZnb3V2OU81bWFTWDJLZXhOXzNVV3dyd2xFX3JEN0Z0QXNORllReXFVOW5lWU9WenpnNmtpOVAtbE9DMF9CeThZbmZxVHFVYXZiMFhWY1NyMFhGSXp2TGFCaWZTdG4zVjM4MEJ5ZWozOU9JYTlwbmdjS0o3amMyRGREc0drdHI1TGZnTFRCV0Q0X19KclRCVTRtNGkzSFNvV0lLVEQ2R3F4UFRycjQ4V0dqQXJveWgyMmE2dEtiU0k4RjlfSkhNVURpdV9QQS52dEVLeXZYSmJBOFZaV0xneUk2YTJB.pBcYD-5IYhEjHkMya_IZOnx8rhdnuPf44YzOYKidNMI; Path=/; HttpOnly' + ], + 'x-content-type-options': 'nosniff', + 'x-frame-options': 'DENY', + 'content-length': '334' + }, + config: { + transitional: { + silentJSONParsing: true, + forcedJSONParsing: true, + clarifyTimeoutError: false + }, + adapter: [ 'xhr', 'http', 'fetch' ], + transformRequest: [ [Function: transformRequest] ], + transformResponse: [ [Function: transformResponse] ], + timeout: 30000, + xsrfCookieName: 'XSRF-TOKEN', + xsrfHeaderName: 'X-XSRF-TOKEN', + maxContentLength: -1, + maxBodyLength: -1, + env: { FormData: [Function [FormData]], Blob: [class Blob] }, + validateStatus: [Function: validateStatus], + headers: Object [AxiosHeaders] { + Accept: 'application/json, text/plain, */*', + 'Content-Type': 'application/json', + 'User-Agent': '@rockcarver/frodo-lib/3.0.4-0', + 'X-ForgeRock-TransactionId': 'frodo-9dfa2d7a-080c-4668-bfa8-120c11646414', + 'X-OpenIDM-Username': 'openidm-admin', + 'X-OpenIDM-Password': 'openidm-admin', + 'Content-Length': '2', + 'Accept-Encoding': 'gzip, compress, deflate, br' + }, + httpAgent: Agent3 { + _events: [Object: null prototype], + _eventsCount: 2, + _maxListeners: undefined, + defaultPort: 80, + protocol: 'http:', + options: [Object: null prototype], + requests: [Object: null prototype] {}, + sockets: [Object: null prototype] {}, + freeSockets: [Object: null prototype] {}, + keepAliveMsecs: 1000, + keepAlive: true, + maxSockets: 100, + maxFreeSockets: 10, + scheduling: 'lifo', + maxTotalSockets: Infinity, + totalSocketCount: 0, + createSocketCount: 0, + createSocketCountLastCheck: 0, + createSocketErrorCount: 0, + createSocketErrorCountLastCheck: 0, + closeSocketCount: 0, + closeSocketCountLastCheck: 0, + errorSocketCount: 0, + errorSocketCountLastCheck: 0, + requestCount: 0, + requestCountLastCheck: 0, + timeoutSocketCount: 0, + timeoutSocketCountLastCheck: 0, + [Symbol(shapeMode)]: false, + [Symbol(kCapture)]: false, + [Symbol(agentkeepalive#currentId)]: 0 + }, + httpsAgent: HttpsAgent { + _events: [Object: null prototype], + _eventsCount: 2, + _maxListeners: undefined, + defaultPort: 443, + protocol: 'https:', + options: [Object: null prototype], + requests: [Object: null prototype] {}, + sockets: [Object: null prototype] {}, + freeSockets: [Object: null prototype], + keepAliveMsecs: 1000, + keepAlive: true, + maxSockets: 100, + maxFreeSockets: 10, + scheduling: 'lifo', + maxTotalSockets: Infinity, + totalSocketCount: 1, + createSocketCount: 1, + createSocketCountLastCheck: 0, + createSocketErrorCount: 0, + createSocketErrorCountLastCheck: 0, + closeSocketCount: 0, + closeSocketCountLastCheck: 0, + errorSocketCount: 0, + errorSocketCountLastCheck: 0, + requestCount: 3, + requestCountLastCheck: 0, + timeoutSocketCount: 0, + timeoutSocketCountLastCheck: 0, + maxCachedSessions: 100, + _sessionCache: [Object], + [Symbol(shapeMode)]: false, + [Symbol(kCapture)]: false, + [Symbol(agentkeepalive#currentId)]: 1 + }, + proxy: null, + method: 'post', + url: 'https://localhost:8443/openidm/authentication?_action=login', + data: '{}', + allowAbsoluteUrls: true, + curlObject: CurlHelper { request: [Circular *1] }, + curlCommand: `curl -X POST -H "Accept:application/json, text/plain, */*" -H "Content-Type:application/json" -H "User-Agent:@rockcarver/frodo-lib/3.0.4-0" -H "X-ForgeRock-TransactionId:frodo-9dfa2d7a-080c-4668-bfa8-120c11646414" -H "X-OpenIDM-Username:openidm-admin" -H "X-OpenIDM-Password:openidm-admin" --data '{}' "https://localhost:8443/openidm/authentication?_action=login"`, + clearCurl: [Function (anonymous)] + }, + request: ClientRequest { + _events: [Object: null prototype] { + abort: [Function (anonymous)], + aborted: [Function (anonymous)], + connect: [Function (anonymous)], + error: [Function (anonymous)], + socket: [Function (anonymous)], + timeout: [Function (anonymous)], + finish: [Function: requestOnFinish] + }, + _eventsCount: 7, + _maxListeners: undefined, + outputData: [], + outputSize: 0, + writable: true, + destroyed: true, + _last: false, + chunkedEncoding: false, + shouldKeepAlive: true, + maxRequestsOnConnectionReached: false, + _defaultKeepAlive: true, + useChunkedEncodingByDefault: true, + sendDate: false, + _removedConnection: false, + _removedContLen: false, + _removedTE: false, + strictContentLength: false, + _contentLength: '2', + _hasBody: true, + _trailer: '', + finished: true, + _headerSent: true, + _closed: true, + socket: TLSSocket { + _tlsOptions: [Object], + _secureEstablished: true, + _securePending: false, + _newSessionPending: false, + _controlReleased: true, + secureConnecting: false, + _SNICallback: null, + servername: 'localhost', + alpnProtocol: false, + authorized: false, + authorizationError: 'DEPTH_ZERO_SELF_SIGNED_CERT', + encrypted: true, + _events: [Object: null prototype], + _eventsCount: 9, + connecting: false, + _hadError: false, + _parent: null, + _host: 'localhost', + _closeAfterHandlingError: false, + _readableState: [ReadableState], + _writableState: [WritableState], + allowHalfOpen: false, + _maxListeners: undefined, + _sockname: null, + _pendingData: null, + _pendingEncoding: '', + server: undefined, + _server: null, + ssl: [TLSWrap], + _requestCert: true, + _rejectUnauthorized: false, + timeout: 30000, + parser: null, + _httpMessage: null, + autoSelectFamilyAttemptedAddresses: [Array], + [Symbol(alpncallback)]: null, + [Symbol(res)]: [TLSWrap], + [Symbol(verified)]: true, + [Symbol(pendingSession)]: null, + [Symbol(async_id_symbol)]: -1, + [Symbol(kHandle)]: [TLSWrap], + [Symbol(lastWriteQueueSize)]: 0, + [Symbol(timeout)]: Timeout { + _idleTimeout: 30000, + _idlePrev: [TimersList], + _idleNext: [TimersList], + _idleStart: 237, + _onTimeout: [Function: bound ], + _timerArgs: undefined, + _repeat: null, + _destroyed: false, + [Symbol(refed)]: false, + [Symbol(kHasPrimitive)]: false, + [Symbol(asyncId)]: 76, + [Symbol(triggerId)]: 74 + }, + [Symbol(kBuffer)]: null, + [Symbol(kBufferCb)]: null, + [Symbol(kBufferGen)]: null, + [Symbol(shapeMode)]: true, + [Symbol(kCapture)]: false, + [Symbol(kSetNoDelay)]: true, + [Symbol(kSetKeepAlive)]: true, + [Symbol(kSetKeepAliveInitialDelay)]: 1, + [Symbol(kBytesRead)]: 0, + [Symbol(kBytesWritten)]: 0, + [Symbol(connect-options)]: [Object], + [Symbol(agentkeepalive#socketName)]: 'sock[0#localhost:8443::::::::false:::::::::::::]', + [Symbol(agentkeepalive#socketRequestCount)]: 3, + [Symbol(agentkeepalive#socketRequestFinishedCount)]: 3 + }, + _header: 'POST /openidm/authentication?_action=login HTTP/1.1\r\n' + + 'Accept: application/json, text/plain, */*\r\n' + + 'Content-Type: application/json\r\n' + + 'User-Agent: @rockcarver/frodo-lib/3.0.4-0\r\n' + + 'X-ForgeRock-TransactionId: frodo-9dfa2d7a-080c-4668-bfa8-120c11646414\r\n' + + 'X-OpenIDM-Username: openidm-admin\r\n' + + 'X-OpenIDM-Password: openidm-admin\r\n' + + 'Content-Length: 2\r\n' + + 'Accept-Encoding: gzip, compress, deflate, br\r\n' + + 'Host: localhost:8443\r\n' + + 'Connection: keep-alive\r\n' + + '\r\n', + _keepAliveTimeout: 0, + _onPendingData: [Function: nop], + agent: HttpsAgent { + _events: [Object: null prototype], + _eventsCount: 2, + _maxListeners: undefined, + defaultPort: 443, + protocol: 'https:', + options: [Object: null prototype], + requests: [Object: null prototype] {}, + sockets: [Object: null prototype] {}, + freeSockets: [Object: null prototype], + keepAliveMsecs: 1000, + keepAlive: true, + maxSockets: 100, + maxFreeSockets: 10, + scheduling: 'lifo', + maxTotalSockets: Infinity, + totalSocketCount: 1, + createSocketCount: 1, + createSocketCountLastCheck: 0, + createSocketErrorCount: 0, + createSocketErrorCountLastCheck: 0, + closeSocketCount: 0, + closeSocketCountLastCheck: 0, + errorSocketCount: 0, + errorSocketCountLastCheck: 0, + requestCount: 3, + requestCountLastCheck: 0, + timeoutSocketCount: 0, + timeoutSocketCountLastCheck: 0, + maxCachedSessions: 100, + _sessionCache: [Object], + [Symbol(shapeMode)]: false, + [Symbol(kCapture)]: false, + [Symbol(agentkeepalive#currentId)]: 1 + }, + socketPath: undefined, + method: 'POST', + maxHeaderSize: undefined, + insecureHTTPParser: undefined, + joinDuplicateHeaders: undefined, + path: '/openidm/authentication?_action=login', + _ended: true, + res: IncomingMessage { + _events: [Object], + _readableState: [ReadableState], + _maxListeners: undefined, + socket: null, + httpVersionMajor: 1, + httpVersionMinor: 1, + httpVersion: '1.1', + complete: true, + rawHeaders: [Array], + rawTrailers: [], + joinDuplicateHeaders: undefined, + aborted: false, + upgrade: false, + url: '', + method: null, + statusCode: 200, + statusMessage: 'OK', + client: [TLSSocket], + _consuming: false, + _dumped: false, + req: [Circular *2], + _eventsCount: 4, + responseUrl: 'https://localhost:8443/openidm/authentication?_action=login', + redirects: [], + [Symbol(shapeMode)]: true, + [Symbol(kCapture)]: false, + [Symbol(kHeaders)]: [Object], + [Symbol(kHeadersCount)]: 26, + [Symbol(kTrailers)]: null, + [Symbol(kTrailersCount)]: 0 + }, + aborted: false, + timeoutCb: null, + upgradeOrConnect: false, + parser: null, + maxHeadersCount: null, + reusedSocket: true, + host: 'localhost', + protocol: 'https:', + _redirectable: Writable { + _events: [Object], + _writableState: [WritableState], + _maxListeners: undefined, + _options: [Object], + _ended: true, + _ending: true, + _redirectCount: 0, + _redirects: [], + _requestBodyLength: 2, + _requestBodyBuffers: [], + _eventsCount: 3, + _onNativeResponse: [Function (anonymous)], + _currentRequest: [Circular *2], + _currentUrl: 'https://localhost:8443/openidm/authentication?_action=login', + _timeout: null, + [Symbol(shapeMode)]: true, + [Symbol(kCapture)]: false + }, + [Symbol(shapeMode)]: false, + [Symbol(kCapture)]: false, + [Symbol(kBytesWritten)]: 0, + [Symbol(kNeedDrain)]: false, + [Symbol(corked)]: 0, + [Symbol(kOutHeaders)]: [Object: null prototype] { + accept: [Array], + 'content-type': [Array], + 'user-agent': [Array], + 'x-forgerock-transactionid': [Array], + 'x-openidm-username': [Array], + 'x-openidm-password': [Array], + 'content-length': [Array], + 'accept-encoding': [Array], + host: [Array] + }, + [Symbol(errored)]: null, + [Symbol(kHighWaterMark)]: 16384, + [Symbol(kRejectNonStandardBodyWrites)]: false, + [Symbol(kUniqueHeaders)]: null + }, + data: { + _id: 'login', + authorization: { + userRolesProperty: 'authzRoles', + component: 'internal/user', + authLogin: true, + roles: [Array], + ipAddress: '[0:0:0:0:0:0:0:1]', + authenticationId: 'openidm-admin', + id: 'openidm-admin', + moduleId: 'STATIC_USER' + }, + authenticationId: 'openidm-admin' + } + } diff --git a/src/cli/app/app-delete.ts b/src/cli/app/app-delete.ts index 2e359a098..02ce5af25 100644 --- a/src/cli/app/app-delete.ts +++ b/src/cli/app/app-delete.ts @@ -9,7 +9,7 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo app delete', [], deploymentTypes); diff --git a/src/cli/app/app-describe.ts b/src/cli/app/app-describe.ts index 06e5d3cfc..91ee425e2 100644 --- a/src/cli/app/app-describe.ts +++ b/src/cli/app/app-describe.ts @@ -4,7 +4,7 @@ import * as s from '../../help/SampleData'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo app describe', [], deploymentTypes); diff --git a/src/cli/app/app-export.ts b/src/cli/app/app-export.ts index b20757f52..c191ecb09 100644 --- a/src/cli/app/app-export.ts +++ b/src/cli/app/app-export.ts @@ -10,7 +10,7 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo app export', [], deploymentTypes); diff --git a/src/cli/app/app-import.ts b/src/cli/app/app-import.ts index ace0c5202..5698a4723 100644 --- a/src/cli/app/app-import.ts +++ b/src/cli/app/app-import.ts @@ -11,7 +11,7 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo app import', [], deploymentTypes); diff --git a/src/cli/app/app-list.ts b/src/cli/app/app-list.ts index 16e8f7d08..f715c76ac 100644 --- a/src/cli/app/app-list.ts +++ b/src/cli/app/app-list.ts @@ -6,7 +6,7 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo app list', [], deploymentTypes); diff --git a/src/cli/authz/authz-policy-delete.ts b/src/cli/authz/authz-policy-delete.ts index 7e29dd2ce..875b0f754 100644 --- a/src/cli/authz/authz-policy-delete.ts +++ b/src/cli/authz/authz-policy-delete.ts @@ -8,9 +8,10 @@ import { } from '../../ops/PolicyOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz policy delete'); + const program = new FrodoCommand('frodo authz policy delete', [], deploymentTypes); program .description('Delete authorization policies.') @@ -41,13 +42,13 @@ export default function setup() { command ); // delete by id - if (options.policyId && (await getTokens())) { + if (options.policyId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting authorization policy...'); const outcome = await deletePolicyById(options.policyId); if (!outcome) process.exitCode = 1; } // --all -a by policy set - else if (options.setId && options.all && (await getTokens())) { + else if (options.setId && options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Deleting all authorization policies in policy set ${options.setId}...` ); @@ -55,7 +56,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting all authorization policies...'); const outcome = await deletePolicies(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-policy-describe.ts b/src/cli/authz/authz-policy-describe.ts index 904b5eb61..717eef506 100644 --- a/src/cli/authz/authz-policy-describe.ts +++ b/src/cli/authz/authz-policy-describe.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { describePolicy } from '../../ops/PolicyOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz policy describe'); + const program = new FrodoCommand('frodo authz policy describe', [], deploymentTypes); program .description('Describe authorization policies.') @@ -28,7 +29,7 @@ export default function setup() { options, command ); - if (options.policyId && (await getTokens())) { + if (options.policyId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Describing authorization policy ${options.policyId}...` ); diff --git a/src/cli/authz/authz-policy-export.ts b/src/cli/authz/authz-policy-export.ts index 948a7f20c..7b0b7a932 100644 --- a/src/cli/authz/authz-policy-export.ts +++ b/src/cli/authz/authz-policy-export.ts @@ -10,9 +10,10 @@ import { } from '../../ops/PolicyOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz policy export'); + const program = new FrodoCommand('frodo authz policy export', [], deploymentTypes); program .description('Export authorization policies.') @@ -68,7 +69,7 @@ export default function setup() { command ); // export - if (options.policyId && (await getTokens())) { + if (options.policyId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting authorization policy to file...'); const outcome = await exportPolicyToFile( options.policyId, @@ -83,7 +84,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all by policy set - else if (options.setId && options.all && (await getTokens())) { + else if (options.setId && options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Exporting all authorization policies in policy set ${options.setId} to file...` ); @@ -100,7 +101,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all authorization policies to file...'); const outcome = await exportPoliciesToFile( options.file, @@ -114,7 +115,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate by policy set - else if (options.setId && options.allSeparate && (await getTokens())) { + else if (options.setId && options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Exporting all authorization policies in policy set ${options.setId} to separate files...` ); @@ -130,7 +131,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Exporting all authorization policies to separate files...' ); diff --git a/src/cli/authz/authz-policy-import.ts b/src/cli/authz/authz-policy-import.ts index f1464a33e..0ae219a52 100644 --- a/src/cli/authz/authz-policy-import.ts +++ b/src/cli/authz/authz-policy-import.ts @@ -9,9 +9,10 @@ import { } from '../../ops/PolicyOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz policy import'); + const program = new FrodoCommand('frodo authz policy import', [], deploymentTypes); program .description('Import authorization policies.') @@ -61,7 +62,7 @@ export default function setup() { command ); // import - if (options.policyId && (await getTokens())) { + if (options.policyId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing authorization policy from file...'); const outcome = await importPolicyFromFile( options.policyId, @@ -75,7 +76,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing all authorization policies from file...'); const outcome = await importPoliciesFromFile(options.file, { deps: options.deps, @@ -85,7 +86,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all authorization policies from separate files...' ); @@ -97,7 +98,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first policy set from file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing first authorization policy from file "${options.file}"...` ); diff --git a/src/cli/authz/authz-policy-list.ts b/src/cli/authz/authz-policy-list.ts index 3ab7b6cde..76808857c 100644 --- a/src/cli/authz/authz-policy-list.ts +++ b/src/cli/authz/authz-policy-list.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { listPolicies, listPoliciesByPolicySet } from '../../ops/PolicyOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz policy list'); + const program = new FrodoCommand('frodo authz policy list', [], deploymentTypes); program .description('List authorization policies.') @@ -26,7 +27,7 @@ export default function setup() { command ); // by policy set - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Listing authorization policies in policy set ${options.setId}...` ); @@ -37,7 +38,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // all policies - else if (await getTokens()) { + else if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing authorization policies...`); const outcome = await listPolicies(options.long); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-policy.ts b/src/cli/authz/authz-policy.ts index 5b68d0189..d0e075e80 100644 --- a/src/cli/authz/authz-policy.ts +++ b/src/cli/authz/authz-policy.ts @@ -6,7 +6,7 @@ import ImportCmd from './authz-policy-import.js'; import ListCmd from './authz-policy-list.js'; export default function setup() { - const program = new FrodoStubCommand('frodo authz policy'); + const program = new FrodoStubCommand('frodo authz policy' ); program.description('Manages authorization policies.'); diff --git a/src/cli/authz/authz-set-delete.ts b/src/cli/authz/authz-set-delete.ts index 2aa2112ed..1fc818b30 100644 --- a/src/cli/authz/authz-set-delete.ts +++ b/src/cli/authz/authz-set-delete.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { deletePolicySetById, deletePolicySets } from '../../ops/PolicySetOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz set delete'); + const program = new FrodoCommand('frodo authz set delete', [], deploymentTypes); program .description('Delete authorization policy sets.') @@ -29,13 +30,13 @@ export default function setup() { command ); // delete by id - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting authorization policy set...'); const outcome = await deletePolicySetById(options.setId); if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting all authorization policy sets...'); const outcome = await deletePolicySets(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-set-describe.ts b/src/cli/authz/authz-set-describe.ts index 611ec0711..8c3aec5a2 100644 --- a/src/cli/authz/authz-set-describe.ts +++ b/src/cli/authz/authz-set-describe.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { describePolicySet } from '../../ops/PolicySetOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz set describe'); + const program = new FrodoCommand('frodo authz set describe', [], deploymentTypes); program .description('Describe authorization policy sets.') @@ -28,7 +29,7 @@ export default function setup() { options, command ); - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Describing authorization policy set ${options.setId}...` ); diff --git a/src/cli/authz/authz-set-export.ts b/src/cli/authz/authz-set-export.ts index 969a545e0..516e93287 100644 --- a/src/cli/authz/authz-set-export.ts +++ b/src/cli/authz/authz-set-export.ts @@ -8,9 +8,10 @@ import { } from '../../ops/PolicySetOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz set export'); + const program = new FrodoCommand('frodo authz set export', [], deploymentTypes); program .description('Export authorization policy sets.') @@ -60,7 +61,7 @@ export default function setup() { command ); // export - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting authorization policy set to file...'); const outcome = await exportPolicySetToFile( options.setId, @@ -75,7 +76,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all authorization policy sets to file...'); const outcome = await exportPolicySetsToFile( options.file, @@ -89,7 +90,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Exporting all authorization policy sets to separate files...' ); diff --git a/src/cli/authz/authz-set-import.ts b/src/cli/authz/authz-set-import.ts index 1c1d7ed0f..d73b5da2a 100644 --- a/src/cli/authz/authz-set-import.ts +++ b/src/cli/authz/authz-set-import.ts @@ -9,9 +9,10 @@ import { } from '../../ops/PolicySetOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz set import'); + const program = new FrodoCommand('frodo authz set import', [], deploymentTypes); program .description('Import authorization policy sets.') @@ -55,7 +56,7 @@ export default function setup() { command ); // import - if (options.setId && (await getTokens())) { + if (options.setId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing authorization policy set from file...'); const outcome = await importPolicySetFromFile( options.setId, @@ -68,7 +69,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all authorization policy sets from file...' ); @@ -79,7 +80,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all authorization policy sets from separate files...' ); @@ -90,7 +91,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first policy set from file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing first authorization policy set from file "${options.file}"...` ); diff --git a/src/cli/authz/authz-set-list.ts b/src/cli/authz/authz-set-list.ts index 891207b46..fcfb32074 100644 --- a/src/cli/authz/authz-set-list.ts +++ b/src/cli/authz/authz-set-list.ts @@ -2,9 +2,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { listPolicySets } from '../../ops/PolicySetOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz set list'); + const program = new FrodoCommand('frodo authz set list', [], deploymentTypes); program.description('List authorization policy sets.').action( // implement command logic inside action handler @@ -17,7 +18,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage('Listing authorization policy sets...'); const outcome = await listPolicySets(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-type-delete.ts b/src/cli/authz/authz-type-delete.ts index bb6bcc506..cddbd9cf2 100644 --- a/src/cli/authz/authz-type-delete.ts +++ b/src/cli/authz/authz-type-delete.ts @@ -8,9 +8,10 @@ import { } from '../../ops/ResourceTypeOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz type delete'); + const program = new FrodoCommand('frodo authz type delete', [], deploymentTypes); program .description('Delete authorization resource types.') @@ -44,19 +45,19 @@ export default function setup() { command ); // delete by uuid - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting authorization resource type...'); const outcome = await deleteResourceTypeById(options.typeId); if (!outcome) process.exitCode = 1; } // delete by name - else if (options.typeName && (await getTokens())) { + else if (options.typeName && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting authorization resource type...'); const outcome = await deleteResourceTypeUsingName(options.typeName); if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting all authorization resource types...'); const outcome = await deleteResourceTypes(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/authz/authz-type-describe.ts b/src/cli/authz/authz-type-describe.ts index a9414a1f0..ce9bd984e 100644 --- a/src/cli/authz/authz-type-describe.ts +++ b/src/cli/authz/authz-type-describe.ts @@ -7,9 +7,10 @@ import { } from '../../ops/ResourceTypeOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz type describe'); + const program = new FrodoCommand('frodo authz type describe', [], deploymentTypes); program .description('Describe authorization resource types.') @@ -27,14 +28,14 @@ export default function setup() { options, command ); - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage(`Describing authorization resource type by uuid...`); const outcome = await describeResourceType( options.typeId, options.json ); if (!outcome) process.exitCode = 1; - } else if (options.typeName && (await getTokens())) { + } else if (options.typeName && (await getTokens(false, true, deploymentTypes))) { verboseMessage(`Describing authorization resource type by name...`); const outcome = await describeResourceTypeByName( options.typeName, diff --git a/src/cli/authz/authz-type-export.ts b/src/cli/authz/authz-type-export.ts index 1d3842e8f..90aece437 100644 --- a/src/cli/authz/authz-type-export.ts +++ b/src/cli/authz/authz-type-export.ts @@ -9,9 +9,10 @@ import { } from '../../ops/ResourceTypeOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz type export'); + const program = new FrodoCommand('frodo authz type export', [], deploymentTypes); program .description('Export authorization resource types.') @@ -58,7 +59,7 @@ export default function setup() { command ); // export by uuid - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting authorization resource type to file...'); const outcome = await exportResourceTypeToFile( options.typeId, @@ -68,7 +69,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // export by name - else if (options.typeName && (await getTokens())) { + else if (options.typeName && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting authorization resource type to file...'); const outcome = await exportResourceTypeByNameToFile( options.typeName, @@ -78,7 +79,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Exporting all authorization resource types to file...' ); @@ -89,7 +90,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Exporting all authorization resource types to separate files...' ); diff --git a/src/cli/authz/authz-type-import.ts b/src/cli/authz/authz-type-import.ts index 0d02565c7..ad283c6ec 100644 --- a/src/cli/authz/authz-type-import.ts +++ b/src/cli/authz/authz-type-import.ts @@ -10,9 +10,10 @@ import { } from '../../ops/ResourceTypeOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz type import'); + const program = new FrodoCommand('frodo authz type import', [], deploymentTypes); program .description('Import authorization resource types.') @@ -53,7 +54,7 @@ export default function setup() { command ); // import by uuid - if (options.typeId && (await getTokens())) { + if (options.typeId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing authorization resource type by uuid from file...' ); @@ -64,7 +65,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import by name - else if (options.typeName && (await getTokens())) { + else if (options.typeName && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing authorization resource type by name from file...' ); @@ -75,7 +76,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all authorization resource types from file...' ); @@ -83,7 +84,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all authorization resource types from separate files...' ); @@ -91,7 +92,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing first authorization resource type from file "${options.file}"...` ); diff --git a/src/cli/authz/authz-type-list.ts b/src/cli/authz/authz-type-list.ts index 6d065af36..1778f111f 100644 --- a/src/cli/authz/authz-type-list.ts +++ b/src/cli/authz/authz-type-list.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { listResourceTypes } from '../../ops/ResourceTypeOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo authz type list'); + const program = new FrodoCommand('frodo authz type list', [], deploymentTypes); program .description('List authorization resource types.') @@ -24,7 +25,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage('Listing resource types...'); const outcome = await listResourceTypes(options.long); if (!outcome) process.exitCode = 1; diff --git a/src/cli/config/config-export.ts b/src/cli/config/config-export.ts index 4b9056ecf..5571f99dd 100644 --- a/src/cli/config/config-export.ts +++ b/src/cli/config/config-export.ts @@ -9,6 +9,7 @@ import { } from '../../ops/ConfigOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +import { exportAllConfigEntitiesToFile, exportAllConfigEntitiesToFiles } from '../../ops/IdmOps'; export default function setup() { const program = new FrodoCommand('frodo config export'); @@ -16,8 +17,8 @@ export default function setup() { program .description( `Export full cloud configuration.\n` + - `By default, it only exports importable config (i.e. config that is not read-only) for the current deployment (e.g. if exporting from cloud, realm config would NOT be exported since it can't be imported back into cloud even though it can be imported into classic deployments). There is a flag to export all config including read only config.\n` + - `Additionally, there is a flag to export config for only the specified realm, a flag to export only global config, and many other flags to customize the export. Use the -h or --help to see them all and to also see usage examples.` + `By default, it only exports importable config (i.e. config that is not read-only) for the current deployment (e.g. if exporting from cloud, realm config would NOT be exported since it can't be imported back into cloud even though it can be imported into classic deployments). There is a flag to export all config including read only config.\n` + + `Additionally, there is a flag to export config for only the specified realm, a flag to export only global config, and many other flags to customize the export. Use the -h or --help to see them all and to also see usage examples.` ) .addOption(new Option('-f, --file ', 'Name of the export file.')) .addOption(new Option('-a, --all', 'Export everything to a single file.')) @@ -108,33 +109,33 @@ export default function setup() { .addHelpText( 'after', `How Frodo handles secrets:\n`['brightGreen'] + - ` Frodo supports exporting and importing of ESV secret values. To leave stuartship of secret values with the cloud environment where they belong, frodo always encrypts values using either encryption keys from the source environment (default) or the target environment (--target parameter). Frodo never exports secrets in the clear.\n\n`[ - 'brightGreen' - ] + - `Usage Examples:\n` + - ` Export global and realm configuration for version control (e.g. Git) into the current directory.\n` + - ` Note that -x and -s separates script and mapping config to better track changes made to them, and -N removes metadata since it changes every export (you may consider using --no-coords as well if you don't care to track node positions in journeys):\n` + - ` $ frodo config export -sxAND . ${s.connId}\n`['brightCyan'] + - ` Export global and realm configuration from cloud to be later imported into a classic, on-prem deployment.\n` + - ` Note -dR is used for exporting all read-only config from cloud since certain cloud read-only config (like the realm config) can be imported into a classic on-prem deployment:\n` + - ` $ frodo config export -adR ${s.connId}\n`['brightCyan'] + - ` Export only the bravo realm configuration:\n` + - ` $ frodo config export -ar ${s.connId} bravo\n`['brightCyan'] + - ` Backup global and realm configuration including active secret values to a single file (Note: only values of active and loaded secrets can be exported):\n` + - ` $ frodo config export -a --include-active-values ${s.connId}\n`[ - 'brightCyan' - ] + - ` Backup global and realm configuration including active secret values to individual files in a directory structure (Note: only values of active and loaded secrets can be exported):\n` + - ` $ frodo config export -A -D ${s.connId}-backup --include-active-values ${s.connId}\n`[ - 'brightCyan' - ] + - ` Export global and realm configuration including active secret values for import into another environment.\n` + - ` The --target parameter instructs frodo to encrypt the exported secret values using the target environment so they can be imported into that target environment without requiring the source environment they were exported from.\n` + - ` Using the --target parameter, the target environment must be available at the time of export and the person performing the export must have a connection profile for the target environment.\n` + - ` Without the --target parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment.\n` + - ` $ frodo config export -a --include-active-values --target ${s.connId2} ${s.connId}\n`[ - 'brightCyan' - ] + ` Frodo supports exporting and importing of ESV secret values. To leave stuartship of secret values with the cloud environment where they belong, frodo always encrypts values using either encryption keys from the source environment (default) or the target environment (--target parameter). Frodo never exports secrets in the clear.\n\n`[ + 'brightGreen' + ] + + `Usage Examples:\n` + + ` Export global and realm configuration for version control (e.g. Git) into the current directory.\n` + + ` Note that -x and -s separates script and mapping config to better track changes made to them, and -N removes metadata since it changes every export (you may consider using --no-coords as well if you don't care to track node positions in journeys):\n` + + ` $ frodo config export -sxAND . ${s.connId}\n`['brightCyan'] + + ` Export global and realm configuration from cloud to be later imported into a classic, on-prem deployment.\n` + + ` Note -dR is used for exporting all read-only config from cloud since certain cloud read-only config (like the realm config) can be imported into a classic on-prem deployment:\n` + + ` $ frodo config export -adR ${s.connId}\n`['brightCyan'] + + ` Export only the bravo realm configuration:\n` + + ` $ frodo config export -ar ${s.connId} bravo\n`['brightCyan'] + + ` Backup global and realm configuration including active secret values to a single file (Note: only values of active and loaded secrets can be exported):\n` + + ` $ frodo config export -a --include-active-values ${s.connId}\n`[ + 'brightCyan' + ] + + ` Backup global and realm configuration including active secret values to individual files in a directory structure (Note: only values of active and loaded secrets can be exported):\n` + + ` $ frodo config export -A -D ${s.connId}-backup --include-active-values ${s.connId}\n`[ + 'brightCyan' + ] + + ` Export global and realm configuration including active secret values for import into another environment.\n` + + ` The --target parameter instructs frodo to encrypt the exported secret values using the target environment so they can be imported into that target environment without requiring the source environment they were exported from.\n` + + ` Using the --target parameter, the target environment must be available at the time of export and the person performing the export must have a connection profile for the target environment.\n` + + ` Without the --target parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment.\n` + + ` $ frodo config export -a --include-active-values --target ${s.connId2} ${s.connId}\n`[ + 'brightCyan' + ] ) .action( // implement command logic inside action handler diff --git a/src/cli/config/config-import.ts b/src/cli/config/config-import.ts index a466a39ee..f2fdf8323 100644 --- a/src/cli/config/config-import.ts +++ b/src/cli/config/config-import.ts @@ -10,6 +10,8 @@ import { } from '../../ops/ConfigOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +import { importAllConfigEntitiesFromFile, importAllConfigEntitiesFromFiles } from '../../ops/IdmOps' + export default function setup() { const program = new FrodoCommand('frodo config import'); @@ -76,24 +78,24 @@ export default function setup() { .addHelpText( 'after', `How Frodo handles secrets:\n`['brightGreen'] + - ` Frodo supports exporting and importing of ESV secret values. To leave stuartship of secret values with the cloud environment where they belong, frodo always encrypts values using either encryption keys from the source environment (default) or the target environment (--target parameter). Frodo never exports secrets in the clear.\n\n`[ - 'brightGreen' - ] + - `Usage Examples:\n` + - ` Restore global and active realm configuration including active secret values from a single file (Note: config export must have been performed using the --include-active-values option):\n` + - ` $ frodo config import -a -f Alpha.everything.json --include-active-values ${s.connId}\n`[ - 'brightCyan' - ] + - ` Restore global and active realm configuration including active secret values from separate files in a directory structure (Note: config export must have been performed using the --include-active-values option):\n` + - ` $ frodo config import -A -D ${s.connId}-backup --include-active-values ${s.connId}\n`[ - 'brightCyan' - ] + - ` Import global and active realm configuration including active secret values, wich were exported from another environment using the --include-active-values option but without using the --target parameter, therefore requiring the --source parameter on import:\n` + - ` The --source parameter instructs frodo to decrypt the secret values during import using the source environment, which was used to encrypt them.\n` + - ` Using the --source parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment.\n` + - ` $ frodo config import -a -f Alpha.everything.json --include-active-values --source ${s.connId} ${s.connId2}\n`[ - 'brightCyan' - ] + ` Frodo supports exporting and importing of ESV secret values. To leave stuartship of secret values with the cloud environment where they belong, frodo always encrypts values using either encryption keys from the source environment (default) or the target environment (--target parameter). Frodo never exports secrets in the clear.\n\n`[ + 'brightGreen' + ] + + `Usage Examples:\n` + + ` Restore global and active realm configuration including active secret values from a single file (Note: config export must have been performed using the --include-active-values option):\n` + + ` $ frodo config import -a -f Alpha.everything.json --include-active-values ${s.connId}\n`[ + 'brightCyan' + ] + + ` Restore global and active realm configuration including active secret values from separate files in a directory structure (Note: config export must have been performed using the --include-active-values option):\n` + + ` $ frodo config import -A -D ${s.connId}-backup --include-active-values ${s.connId}\n`[ + 'brightCyan' + ] + + ` Import global and active realm configuration including active secret values, wich were exported from another environment using the --include-active-values option but without using the --target parameter, therefore requiring the --source parameter on import:\n` + + ` The --source parameter instructs frodo to decrypt the secret values during import using the source environment, which was used to encrypt them.\n` + + ` Using the --source parameter, the source environment must be available at the time of import and the person performing the import must have a connection profile for the source environment.\n` + + ` $ frodo config import -a -f Alpha.everything.json --include-active-values --source ${s.connId} ${s.connId2}\n`[ + 'brightCyan' + ] ) .action( // implement command logic inside action handler diff --git a/src/cli/conn/conn-save.ts b/src/cli/conn/conn-save.ts index e48fa69d0..f9cca22db 100644 --- a/src/cli/conn/conn-save.ts +++ b/src/cli/conn/conn-save.ts @@ -110,7 +110,7 @@ export default function setup() { options.sa && (await isServiceAccountsFeatureAvailable()) ) { - // validate and add existing service account + // validate and add existing service account if (options.saId && options.saJwkFile) { verboseMessage(`Validating and adding service account...`); if ( diff --git a/src/cli/email/email-template-export.ts b/src/cli/email/email-template-export.ts index 06cc375dc..b3287be96 100644 --- a/src/cli/email/email-template-export.ts +++ b/src/cli/email/email-template-export.ts @@ -10,7 +10,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/email/email-template-import.ts b/src/cli/email/email-template-import.ts index 5c5eebcff..60865b560 100644 --- a/src/cli/email/email-template-import.ts +++ b/src/cli/email/email-template-import.ts @@ -10,7 +10,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/email/email-template-list.ts b/src/cli/email/email-template-list.ts index fa60fbba7..278929ac4 100644 --- a/src/cli/email/email-template-list.ts +++ b/src/cli/email/email-template-list.ts @@ -5,7 +5,7 @@ import { listEmailTemplates } from '../../ops/EmailTemplateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/idm/idm-count.ts b/src/cli/idm/idm-count.ts index e541c44a9..952720335 100644 --- a/src/cli/idm/idm-count.ts +++ b/src/cli/idm/idm-count.ts @@ -5,7 +5,7 @@ import { countManagedObjects } from '../../ops/IdmOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops', 'idm']; export default function setup() { const program = new FrodoCommand('frodo idm count', [], deploymentTypes); diff --git a/src/cli/idm/idm-delete.ts b/src/cli/idm/idm-delete.ts index 4f5c779fa..92e4c9e02 100644 --- a/src/cli/idm/idm-delete.ts +++ b/src/cli/idm/idm-delete.ts @@ -3,9 +3,10 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { deleteConfigEntityById } from '../../ops/IdmOps'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops', 'idm']; export default function setup() { - const program = new FrodoCommand('frodo idm delete'); + const program = new FrodoCommand('frodo idm delete', [], deploymentTypes); interface ServiceDeleteOptions { id?: string; diff --git a/src/cli/idm/idm-export.ts b/src/cli/idm/idm-export.ts index 1ed3ced81..f78de9642 100644 --- a/src/cli/idm/idm-export.ts +++ b/src/cli/idm/idm-export.ts @@ -11,7 +11,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops' , 'idm']; export default function setup() { const program = new FrodoCommand('frodo idm export', [], deploymentTypes); diff --git a/src/cli/idm/idm-import.ts b/src/cli/idm/idm-import.ts index a191828aa..fa6df608a 100644 --- a/src/cli/idm/idm-import.ts +++ b/src/cli/idm/idm-import.ts @@ -11,7 +11,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops' , 'idm']; export default function setup() { const program = new FrodoCommand('frodo idm import', [], deploymentTypes); diff --git a/src/cli/idm/idm-list.ts b/src/cli/idm/idm-list.ts index acad9e4bf..150583173 100644 --- a/src/cli/idm/idm-list.ts +++ b/src/cli/idm/idm-list.ts @@ -6,7 +6,7 @@ import { import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops', 'idm']; export default function setup() { const program = new FrodoCommand('frodo idm list', [], deploymentTypes); diff --git a/src/cli/idm/idm-schema-object-export.ts b/src/cli/idm/idm-schema-object-export.ts index e766b1156..bfa079299 100644 --- a/src/cli/idm/idm-schema-object-export.ts +++ b/src/cli/idm/idm-schema-object-export.ts @@ -10,7 +10,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/idm/idm-schema-object-import.ts b/src/cli/idm/idm-schema-object-import.ts index d8f66ea4c..e3601fc3b 100644 --- a/src/cli/idm/idm-schema-object-import.ts +++ b/src/cli/idm/idm-schema-object-import.ts @@ -10,7 +10,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand( diff --git a/src/cli/idp/idp-delete.ts b/src/cli/idp/idp-delete.ts index 9a6565801..948abe097 100644 --- a/src/cli/idp/idp-delete.ts +++ b/src/cli/idp/idp-delete.ts @@ -5,9 +5,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { deleteSocialIdentityProviderById } from '../../ops/IdpOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo idp delete'); + const program = new FrodoCommand('frodo idp delete', [], deploymentTypes); program .description('Delete (social) identity providers.') @@ -23,7 +24,7 @@ export default function setup() { options, command ); - if ((await getTokens()) && options.idpId) { + if ((await getTokens(false, true, deploymentTypes)) && options.idpId) { verboseMessage( `Deleting idp ${options.idpId} in realm "${state.getRealm()}"...` ); diff --git a/src/cli/idp/idp-export.ts b/src/cli/idp/idp-export.ts index 50ded2e85..17e8dd23a 100644 --- a/src/cli/idp/idp-export.ts +++ b/src/cli/idp/idp-export.ts @@ -9,9 +9,10 @@ import { } from '../../ops/IdpOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo idp export'); + const program = new FrodoCommand('frodo idp export', [], deploymentTypes); program .description('Export (social) identity providers.') @@ -57,7 +58,7 @@ export default function setup() { command ); // export by id/name - if (options.idpId && (await getTokens())) { + if (options.idpId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Exporting provider "${ options.idpId @@ -71,7 +72,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all providers to a single file...'); const outcome = await exportSocialIdentityProvidersToFile( options.file, @@ -80,7 +81,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all providers to separate files...'); const outcome = await exportSocialIdentityProvidersToFiles( options.metadata diff --git a/src/cli/idp/idp-import.ts b/src/cli/idp/idp-import.ts index 8fe05cb10..782d6680c 100644 --- a/src/cli/idp/idp-import.ts +++ b/src/cli/idp/idp-import.ts @@ -10,9 +10,10 @@ import { } from '../../ops/IdpOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo idp import'); + const program = new FrodoCommand('frodo idp import', [], deploymentTypes); program .description('Import (social) identity providers.') @@ -55,7 +56,7 @@ export default function setup() { command ); // import by id - if (options.file && options.idpId && (await getTokens())) { + if (options.file && options.idpId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing provider "${ options.idpId @@ -71,7 +72,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if (options.all && options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing all providers from a single file (${options.file})...` ); @@ -84,7 +85,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if (options.allSeparate && !options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all providers from separate files in current directory...' ); @@ -94,7 +95,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first provider from file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing first provider from file "${ options.file diff --git a/src/cli/idp/idp-list.ts b/src/cli/idp/idp-list.ts index 85e0e15b1..f3184cd60 100644 --- a/src/cli/idp/idp-list.ts +++ b/src/cli/idp/idp-list.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { listSocialProviders } from '../../ops/IdpOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo idp list'); + const program = new FrodoCommand('frodo idp list', [], deploymentTypes); program .description('List (social) identity providers.') @@ -24,7 +25,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing providers in realm "${state.getRealm()}"...`); const outcome = await listSocialProviders(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/journey/journey-delete.ts b/src/cli/journey/journey-delete.ts index f29e99cc9..0f2e3c86b 100644 --- a/src/cli/journey/journey-delete.ts +++ b/src/cli/journey/journey-delete.ts @@ -5,9 +5,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { deleteJourney, deleteJourneys } from '../../ops/JourneyOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo journey delete'); + const program = new FrodoCommand('frodo journey delete', [], deploymentTypes); program .description('Delete journeys/trees.') @@ -47,7 +48,7 @@ export default function setup() { command ); // delete by id - if (options.journeyId && (await getTokens())) { + if (options.journeyId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Deleting journey ${ options.journeyId @@ -57,7 +58,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting all journeys...'); const outcome = await deleteJourneys(options); if (!outcome) process.exitCode = 1; diff --git a/src/cli/journey/journey-describe.ts b/src/cli/journey/journey-describe.ts index 83cdc1fd6..76a0bdf2b 100644 --- a/src/cli/journey/journey-describe.ts +++ b/src/cli/journey/journey-describe.ts @@ -6,13 +6,14 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { describeJourney, describeJourneyMd } from '../../ops/JourneyOps'; import { printError, printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; const { saveTextToFile } = frodo.utils; const { createFileParamTreeExportResolver, readJourneys, exportJourney } = frodo.authn.journey; export default function setup() { - const program = new FrodoCommand('frodo journey describe'); + const program = new FrodoCommand('frodo journey describe', [], deploymentTypes); program .description( @@ -137,7 +138,7 @@ export default function setup() { printMessage(error.message, 'error'); process.exitCode = 1; } - } else if (await getTokens()) { + } else if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Describing journey(s) in realm "${state.getRealm()}"...` ); diff --git a/src/cli/journey/journey-disable.ts b/src/cli/journey/journey-disable.ts index e8202da4b..7b38d6d40 100644 --- a/src/cli/journey/journey-disable.ts +++ b/src/cli/journey/journey-disable.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { disableJourney } from '../../ops/JourneyOps'; import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo journey disable'); + const program = new FrodoCommand('frodo journey disable', [], deploymentTypes); program .description('Disable journeys/trees.') @@ -31,7 +32,7 @@ export default function setup() { command ); // disable - if (options.journeyId && (await getTokens())) { + if (options.journeyId && (await getTokens(false, true, deploymentTypes))) { const outcome = await disableJourney(options.journeyId); if (!outcome) process.exitCode = 1; } diff --git a/src/cli/journey/journey-enable.ts b/src/cli/journey/journey-enable.ts index f1aef769a..1714dda30 100644 --- a/src/cli/journey/journey-enable.ts +++ b/src/cli/journey/journey-enable.ts @@ -4,9 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { enableJourney } from '../../ops/JourneyOps'; import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo journey enable'); + const program = new FrodoCommand('frodo journey enable', [], deploymentTypes); program .description('Enable journeys/trees.') @@ -31,7 +32,7 @@ export default function setup() { command ); // enable - if (options.journeyId && (await getTokens())) { + if (options.journeyId && (await getTokens(false, true, deploymentTypes))) { const outcome = await enableJourney(options.journeyId); if (!outcome) process.exitCode = 1; } diff --git a/src/cli/journey/journey-export.ts b/src/cli/journey/journey-export.ts index 04ec0095c..265a6e6ec 100644 --- a/src/cli/journey/journey-export.ts +++ b/src/cli/journey/journey-export.ts @@ -9,8 +9,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops' , 'classic']; + export default function setup() { - const program = new FrodoCommand('frodo journey export'); + const program = new FrodoCommand('frodo journey export', [], deploymentTypes); program .description('Export journeys/trees.') @@ -83,7 +85,7 @@ export default function setup() { command ); // export - if (options.journeyId && (await getTokens())) { + if (options.journeyId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting journey...'); const outcome = await exportJourneyToFile( options.journeyId, @@ -98,7 +100,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all journeys to a single file...'); const outcome = await exportJourneysToFile( options.file, @@ -112,7 +114,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all journeys to separate files...'); const outcome = await exportJourneysToFiles(options.metadata, { useStringArrays: options.useStringArrays, diff --git a/src/cli/journey/journey-import.ts b/src/cli/journey/journey-import.ts index 015138c0a..64204f130 100644 --- a/src/cli/journey/journey-import.ts +++ b/src/cli/journey/journey-import.ts @@ -9,9 +9,10 @@ import { } from '../../ops/JourneyOps'; import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo journey import'); + const program = new FrodoCommand('frodo journey import', [], deploymentTypes); program .description('Import journey/tree.') @@ -63,7 +64,7 @@ export default function setup() { command ); // import - if (options.journeyId && (await getTokens())) { + if (options.journeyId && (await getTokens(false, true, deploymentTypes))) { printMessage(`Importing journey ${options.journeyId}...`); const outcome = await importJourneyFromFile( options.journeyId, @@ -76,7 +77,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if (options.all && options.file && (await getTokens(false, true, deploymentTypes))) { printMessage( `Importing all journeys from a single file (${options.file})...` ); @@ -87,7 +88,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if (options.allSeparate && !options.file && (await getTokens(false, true, deploymentTypes))) { printMessage( 'Importing all journeys from separate files in current directory...' ); @@ -98,7 +99,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first journey in file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { printMessage('Importing first journey in file...'); const outcome = await importFirstJourneyFromFile(options.file, { reUuid: options.reUuid, diff --git a/src/cli/journey/journey-list.ts b/src/cli/journey/journey-list.ts index 8f9cf6971..f22e87cf8 100644 --- a/src/cli/journey/journey-list.ts +++ b/src/cli/journey/journey-list.ts @@ -5,9 +5,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { listJourneys } from '../../ops/JourneyOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo journey list'); + const program = new FrodoCommand('frodo journey list', [], deploymentTypes); program .description('List journeys/trees.') @@ -28,7 +29,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing journeys in realm "${state.getRealm()}"...`); const outcome = await listJourneys(options.long, options.analyze); if (!outcome) process.exitCode = 1; diff --git a/src/cli/journey/journey-prune.ts b/src/cli/journey/journey-prune.ts index 5def4a994..773a41d3c 100644 --- a/src/cli/journey/journey-prune.ts +++ b/src/cli/journey/journey-prune.ts @@ -6,9 +6,10 @@ import { printError, printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; const { findOrphanedNodes, removeOrphanedNodes } = frodo.authn.node; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo journey prune'); + const program = new FrodoCommand('frodo journey prune', [], deploymentTypes); program .description( @@ -25,7 +26,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Pruning orphaned configuration artifacts in realm "${state.getRealm()}"...` ); diff --git a/src/cli/mapping/mapping-delete.ts b/src/cli/mapping/mapping-delete.ts index df53cca76..0cd12f7ee 100644 --- a/src/cli/mapping/mapping-delete.ts +++ b/src/cli/mapping/mapping-delete.ts @@ -5,7 +5,7 @@ import { deleteMapping, deleteMappings } from '../../ops/MappingOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo mapping delete', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-export.ts b/src/cli/mapping/mapping-export.ts index 72f4fca51..b2a587e77 100644 --- a/src/cli/mapping/mapping-export.ts +++ b/src/cli/mapping/mapping-export.ts @@ -9,7 +9,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo mapping export', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-import.ts b/src/cli/mapping/mapping-import.ts index 752069460..840141e69 100644 --- a/src/cli/mapping/mapping-import.ts +++ b/src/cli/mapping/mapping-import.ts @@ -10,7 +10,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo mapping import', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-list.ts b/src/cli/mapping/mapping-list.ts index b12b56a12..7f1a61643 100644 --- a/src/cli/mapping/mapping-list.ts +++ b/src/cli/mapping/mapping-list.ts @@ -5,7 +5,7 @@ import { listMappings } from '../../ops/MappingOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo mapping list', [], deploymentTypes); diff --git a/src/cli/mapping/mapping-rename.ts b/src/cli/mapping/mapping-rename.ts index 95d293fc9..687169c75 100644 --- a/src/cli/mapping/mapping-rename.ts +++ b/src/cli/mapping/mapping-rename.ts @@ -5,7 +5,7 @@ import { renameMapping, renameMappings } from '../../ops/MappingOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops','idm']; export default function setup() { const program = new FrodoCommand('frodo mapping rename', [], deploymentTypes); diff --git a/src/cli/oauth/oauth-client-delete.ts b/src/cli/oauth/oauth-client-delete.ts index 39defb09d..a2780db77 100644 --- a/src/cli/oauth/oauth-client-delete.ts +++ b/src/cli/oauth/oauth-client-delete.ts @@ -4,8 +4,10 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { deleteOauth2ClientById } from '../../ops/OAuth2ClientOps'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo oauth client delete'); + const program = new FrodoCommand('frodo oauth client delete', [], deploymentTypes); program .description('Delete OAuth2 clients.') @@ -35,7 +37,7 @@ export default function setup() { options, command ); - if (options.appId && (await getTokens())) { + if (options.appId && (await getTokens(false, true, deploymentTypes))) { const outcome = deleteOauth2ClientById(options.appId); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/oauth/oauth-client-describe.ts b/src/cli/oauth/oauth-client-describe.ts index 3c6a769d5..f871f2c84 100644 --- a/src/cli/oauth/oauth-client-describe.ts +++ b/src/cli/oauth/oauth-client-describe.ts @@ -2,9 +2,10 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo oauth client describe'); + const program = new FrodoCommand('frodo oauth client describe', [], deploymentTypes); program .description('Describe OAuth2 client.') @@ -20,7 +21,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { // code goes here } else { process.exitCode = 1; diff --git a/src/cli/oauth/oauth-client-export.ts b/src/cli/oauth/oauth-client-export.ts index 2c83fbdbf..02d60116d 100644 --- a/src/cli/oauth/oauth-client-export.ts +++ b/src/cli/oauth/oauth-client-export.ts @@ -8,9 +8,11 @@ import { } from '../../ops/OAuth2ClientOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo oauth client export'); + const program = new FrodoCommand('frodo oauth client export', [], deploymentTypes); program .description('Export OAuth2 clients.') @@ -54,7 +56,7 @@ export default function setup() { command ); // export - if (options.appId && (await getTokens())) { + if (options.appId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting OAuth2 client...'); const outcome = await exportOAuth2ClientToFile( options.appId, @@ -68,7 +70,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a/--all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all OAuth2 clients to file...'); const outcome = await exportOAuth2ClientsToFile( options.file, @@ -81,7 +83,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A/--all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all clients to separate files...'); const outcome = await exportOAuth2ClientsToFiles(options.metadata, { useStringArrays: true, diff --git a/src/cli/oauth/oauth-client-import.ts b/src/cli/oauth/oauth-client-import.ts index bf4867b08..571bcbd09 100644 --- a/src/cli/oauth/oauth-client-import.ts +++ b/src/cli/oauth/oauth-client-import.ts @@ -10,8 +10,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo oauth client import'); + const program = new FrodoCommand('frodo oauth client import', [], deploymentTypes); program .description('Import OAuth2 clients.') @@ -49,7 +51,7 @@ export default function setup() { command ); // import by id - if (options.file && options.appId && (await getTokens())) { + if (options.file && options.appId && (await getTokens(false, true, deploymentTypes))) { verboseMessage(`Importing OAuth2 client "${options.appId}"...`); const outcome = await importOAuth2ClientFromFile( options.appId, @@ -61,7 +63,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if (options.all && options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing all OAuth2 clients from a single file (${options.file})...` ); @@ -71,7 +73,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if (options.allSeparate && !options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all OAuth2 clients from separate files in current directory...' ); @@ -81,7 +83,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first provider from file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing first OAuth2 client from file "${options.file}"...` ); diff --git a/src/cli/oauth/oauth-client-list.ts b/src/cli/oauth/oauth-client-list.ts index a9ba75adc..554737199 100644 --- a/src/cli/oauth/oauth-client-list.ts +++ b/src/cli/oauth/oauth-client-list.ts @@ -5,8 +5,10 @@ import { listOAuth2Clients } from '../../ops/OAuth2ClientOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo oauth client list'); + const program = new FrodoCommand('frodo oauth client list', [], deploymentTypes); program .description('List OAuth2 clients.') @@ -24,7 +26,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing OAuth2 clients...`); const outcome = await listOAuth2Clients(options.long); if (!outcome) process.exitCode = 1; diff --git a/src/cli/promote/promote.ts b/src/cli/promote/promote.ts index 83b848bf2..e89206938 100644 --- a/src/cli/promote/promote.ts +++ b/src/cli/promote/promote.ts @@ -9,7 +9,7 @@ import { FrodoCommand } from '../FrodoCommand'; const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { - const program = new FrodoCommand('promote'); + const program = new FrodoCommand('promote', [], deploymentTypes); program .description('Prepares a tenant to be promoted') diff --git a/src/cli/role/role-delete.ts b/src/cli/role/role-delete.ts index a248d4033..48bdb8287 100644 --- a/src/cli/role/role-delete.ts +++ b/src/cli/role/role-delete.ts @@ -4,12 +4,13 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY , IDM_DEPLOYMENT_TYPE_KEY} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY ]; export default function setup() { diff --git a/src/cli/role/role-describe.ts b/src/cli/role/role-describe.ts index 643a71e40..d4b213ae6 100644 --- a/src/cli/role/role-describe.ts +++ b/src/cli/role/role-describe.ts @@ -4,12 +4,13 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY , IDM_DEPLOYMENT_TYPE_KEY} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY ]; export default function setup() { diff --git a/src/cli/role/role-export.ts b/src/cli/role/role-export.ts index f82248535..824370eb8 100644 --- a/src/cli/role/role-export.ts +++ b/src/cli/role/role-export.ts @@ -10,12 +10,13 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY , IDM_DEPLOYMENT_TYPE_KEY} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY ]; export default function setup() { diff --git a/src/cli/role/role-import.ts b/src/cli/role/role-import.ts index 23dede098..212f8c343 100644 --- a/src/cli/role/role-import.ts +++ b/src/cli/role/role-import.ts @@ -11,12 +11,13 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY , IDM_DEPLOYMENT_TYPE_KEY} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY ]; export default function setup() { diff --git a/src/cli/role/role-list.ts b/src/cli/role/role-list.ts index 15b2205fa..23cd86924 100644 --- a/src/cli/role/role-list.ts +++ b/src/cli/role/role-list.ts @@ -6,12 +6,13 @@ import { listRoles } from '../../ops/InternalRoleOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY } = +const { CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY , IDM_DEPLOYMENT_TYPE_KEY} = frodo.utils.constants; const deploymentTypes = [ CLOUD_DEPLOYMENT_TYPE_KEY, FORGEOPS_DEPLOYMENT_TYPE_KEY, + IDM_DEPLOYMENT_TYPE_KEY ]; export default function setup() { diff --git a/src/cli/saml/saml-cot-export.ts b/src/cli/saml/saml-cot-export.ts index 422ff16c1..091d050a8 100644 --- a/src/cli/saml/saml-cot-export.ts +++ b/src/cli/saml/saml-cot-export.ts @@ -10,8 +10,11 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + + export default function setup() { - const program = new FrodoCommand('frodo saml cot export'); + const program = new FrodoCommand('frodo saml cot export', [], deploymentTypes); program .description('Export SAML circles of trust.') @@ -57,7 +60,7 @@ export default function setup() { command ); // export by id/name - if (options.cotId && (await getTokens())) { + if (options.cotId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Exporting circle of trust "${ options.cotId @@ -71,7 +74,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all circles of trust to a single file...'); const outcome = await exportCirclesOfTrustToFile( options.file, @@ -80,7 +83,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all circles of trust to separate files...'); const outcome = await exportCirclesOfTrustToFiles(options.metadata); if (!outcome) process.exitCode = 1; diff --git a/src/cli/saml/saml-cot-import.ts b/src/cli/saml/saml-cot-import.ts index af6a6ee58..6a198ba6b 100644 --- a/src/cli/saml/saml-cot-import.ts +++ b/src/cli/saml/saml-cot-import.ts @@ -11,8 +11,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo saml cot import'); + const program = new FrodoCommand('frodo saml cot import', [], deploymentTypes); program .description('Import SAML circles of trust.') @@ -52,7 +54,7 @@ export default function setup() { command ); // import by id - if (options.file && options.cotId && (await getTokens())) { + if (options.file && options.cotId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing circle of trust "${ options.cotId @@ -65,7 +67,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if (options.all && options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing all circles of trust from a single file (${options.file})...` ); @@ -73,7 +75,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if (options.allSeparate && !options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all circles of trust from separate files (*.saml.json) in current directory...' ); @@ -81,7 +83,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first from file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing first circle of trust from file "${ options.file diff --git a/src/cli/saml/saml-cot-list.ts b/src/cli/saml/saml-cot-list.ts index 05d768092..711494bc5 100644 --- a/src/cli/saml/saml-cot-list.ts +++ b/src/cli/saml/saml-cot-list.ts @@ -6,8 +6,10 @@ import { listCirclesOfTrust } from '../../ops/CirclesOfTrustOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo saml cot list'); + const program = new FrodoCommand('frodo saml cot list', [], deploymentTypes); program .description('List SAML circles of trust.') @@ -25,7 +27,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Listing SAML circles of trust in realm "${state.getRealm()}"...` ); diff --git a/src/cli/saml/saml-delete.ts b/src/cli/saml/saml-delete.ts index 60e5607d7..4a5fe0b6e 100644 --- a/src/cli/saml/saml-delete.ts +++ b/src/cli/saml/saml-delete.ts @@ -5,11 +5,13 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + const { deleteSaml2Provider, deleteSaml2Providers } = frodo.saml2.entityProvider; export default function setup() { - const program = new FrodoCommand('frodo saml delete'); + const program = new FrodoCommand('frodo saml delete', [], deploymentTypes); program .description('Delete SAML entity providers.') @@ -34,12 +36,12 @@ export default function setup() { command ); // -i / --entity-id - if (options.entityId && (await getTokens())) { + if (options.entityId && (await getTokens(false, true, deploymentTypes))) { verboseMessage(`Deleting entity provider '${options.entityId}'...`); await deleteSaml2Provider(options.entityId); } // -a / --all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage(`Deleting all entity providers...`); await deleteSaml2Providers(); } diff --git a/src/cli/saml/saml-describe.ts b/src/cli/saml/saml-describe.ts index 55d3f0e6d..a604b8982 100644 --- a/src/cli/saml/saml-describe.ts +++ b/src/cli/saml/saml-describe.ts @@ -5,9 +5,11 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { describeSaml2Provider } from '../../ops/Saml2Ops'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo saml describe'); + const program = new FrodoCommand('frodo saml describe', [], deploymentTypes); program .description('Describe the configuration of an entity provider.') @@ -23,7 +25,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Describing SAML entity provider ${ options.entityId diff --git a/src/cli/saml/saml-export.ts b/src/cli/saml/saml-export.ts index e2234896e..e30671de4 100644 --- a/src/cli/saml/saml-export.ts +++ b/src/cli/saml/saml-export.ts @@ -10,8 +10,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo saml export'); + const program = new FrodoCommand('frodo saml export', [], deploymentTypes); program .description('Export SAML entity providers.') @@ -60,7 +62,7 @@ export default function setup() { command ); // export by id/name - if (options.entityId && (await getTokens())) { + if (options.entityId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Exporting provider "${ options.entityId @@ -77,7 +79,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all providers to a single file...'); const outcome = await exportSaml2ProvidersToFile( options.file, @@ -89,7 +91,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all providers to separate files...'); const outcome = await exportSaml2ProvidersToFiles(options.metadata, { deps: options.deps, diff --git a/src/cli/saml/saml-import.ts b/src/cli/saml/saml-import.ts index 70f7640a9..eb7d1ea44 100644 --- a/src/cli/saml/saml-import.ts +++ b/src/cli/saml/saml-import.ts @@ -11,8 +11,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo saml import'); + const program = new FrodoCommand('frodo saml import', [], deploymentTypes); program .description('Import SAML entity providers.') @@ -55,7 +57,7 @@ export default function setup() { command ); // import by id - if (options.file && options.entityId && (await getTokens())) { + if (options.file && options.entityId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing provider "${ options.entityId @@ -71,7 +73,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all -a - else if (options.all && options.file && (await getTokens())) { + else if (options.all && options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing all providers from a single file (${options.file})...` ); @@ -81,7 +83,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // --all-separate -A - else if (options.allSeparate && !options.file && (await getTokens())) { + else if (options.allSeparate && !options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( 'Importing all providers from separate files (*.saml.json) in current directory...' ); @@ -91,7 +93,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import first provider from file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing first provider from file "${ options.file diff --git a/src/cli/saml/saml-list.ts b/src/cli/saml/saml-list.ts index 84118109d..77223ad00 100644 --- a/src/cli/saml/saml-list.ts +++ b/src/cli/saml/saml-list.ts @@ -6,8 +6,10 @@ import { listSaml2Providers } from '../../ops/Saml2Ops'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo saml list'); + const program = new FrodoCommand('frodo saml list', [], deploymentTypes); program .description('List SAML entity providers.') @@ -25,7 +27,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage( `Listing SAML entity providers in realm "${state.getRealm()}"...` ); diff --git a/src/cli/saml/saml-metadata-export.ts b/src/cli/saml/saml-metadata-export.ts index f4f467c23..b86e9655c 100644 --- a/src/cli/saml/saml-metadata-export.ts +++ b/src/cli/saml/saml-metadata-export.ts @@ -6,8 +6,10 @@ import { exportSaml2MetadataToFile } from '../../ops/Saml2Ops'; import { printMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo saml metadata export'); + const program = new FrodoCommand('frodo saml metadata export', [], deploymentTypes); program .description('Export SAML metadata.') @@ -41,7 +43,7 @@ export default function setup() { command ); // export by id/name - if (options.entityId && (await getTokens())) { + if (options.entityId && (await getTokens(false, true, deploymentTypes))) { printMessage( `Exporting metadata for provider "${ options.entityId diff --git a/src/cli/script/script-delete.ts b/src/cli/script/script-delete.ts index 814880b47..dd9446508 100644 --- a/src/cli/script/script-delete.ts +++ b/src/cli/script/script-delete.ts @@ -10,8 +10,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo script delete'); + const program = new FrodoCommand('frodo script delete', [], deploymentTypes); program .description('Delete scripts.') @@ -44,7 +46,7 @@ export default function setup() { options, command ); - if (options.scriptId && (await getTokens())) { + if (options.scriptId && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Deleting script ${ options.scriptId @@ -52,7 +54,7 @@ export default function setup() { ); const outcome = await deleteScriptId(options.scriptId); if (!outcome) process.exitCode = 1; - } else if (options.scriptName && (await getTokens())) { + } else if (options.scriptName && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Deleting script ${ options.scriptName @@ -60,7 +62,7 @@ export default function setup() { ); const outcome = await deleteScriptName(options.scriptName); if (!outcome) process.exitCode = 1; - } else if (options.all && (await getTokens())) { + } else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Deleting all non-default scripts...'); const outcome = await deleteAllScripts(); if (!outcome) process.exitCode = 1; diff --git a/src/cli/script/script-describe.ts b/src/cli/script/script-describe.ts index ac5b47799..e1f546b62 100644 --- a/src/cli/script/script-describe.ts +++ b/src/cli/script/script-describe.ts @@ -5,8 +5,10 @@ import { describeScript } from '../../ops/ScriptOps'; import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo script describe'); + const program = new FrodoCommand('frodo script describe', [], deploymentTypes); program .description('Describe script.') @@ -36,7 +38,7 @@ export default function setup() { options, command ); - if ((options.scriptName || options.scriptId) && (await getTokens())) { + if ((options.scriptName || options.scriptId) && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Describing script ${options.scriptName ? options.scriptName : options.scriptId}...` ); diff --git a/src/cli/script/script-export.ts b/src/cli/script/script-export.ts index 3c5433571..4367a24cb 100644 --- a/src/cli/script/script-export.ts +++ b/src/cli/script/script-export.ts @@ -10,8 +10,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo script export'); + const program = new FrodoCommand('frodo script export', [], deploymentTypes); program .description('Export scripts.') @@ -83,7 +85,7 @@ export default function setup() { command ); // export by id - if (options.scriptId && (await getTokens())) { + if (options.scriptId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting script...'); const outcome = await exportScriptToFile( options.scriptId, @@ -101,7 +103,7 @@ export default function setup() { // export by name else if ( (options.scriptName || options.script) && - (await getTokens()) + (await getTokens(false, true, deploymentTypes)) ) { verboseMessage('Exporting script...'); const outcome = await exportScriptByNameToFile( @@ -118,7 +120,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a / --all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all scripts to a single file...'); const outcome = await exportScriptsToFile( options.file, @@ -132,7 +134,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A / --all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all scripts to separate files...'); const outcome = await exportScriptsToFiles( options.extract, diff --git a/src/cli/script/script-import.ts b/src/cli/script/script-import.ts index 7be05d00c..ce9adad54 100644 --- a/src/cli/script/script-import.ts +++ b/src/cli/script/script-import.ts @@ -9,8 +9,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo script import'); + const program = new FrodoCommand('frodo script import', [], deploymentTypes); program .description('Import scripts.') @@ -76,7 +78,7 @@ export default function setup() { command ); - if (options.file && (await getTokens())) { + if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing script(s) into realm "${state.getRealm()}"...` ); @@ -91,7 +93,7 @@ export default function setup() { } ); if (!outcome) process.exitCode = 1; - } else if (options.allSeparate && (await getTokens())) { + } else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage( `Importing all script files into realm "${state.getRealm()}"...` ); diff --git a/src/cli/script/script-list.ts b/src/cli/script/script-list.ts index bbe41c76d..fac2e749b 100644 --- a/src/cli/script/script-list.ts +++ b/src/cli/script/script-list.ts @@ -6,8 +6,10 @@ import { listScripts } from '../../ops/ScriptOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo script list'); + const program = new FrodoCommand('frodo script list', [], deploymentTypes); program .description('List scripts.') @@ -40,7 +42,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing scripts in realm "${state.getRealm()}"...`); const outcome = await listScripts( options.long, diff --git a/src/cli/service/service-delete.ts b/src/cli/service/service-delete.ts index 92a7867e5..b97dfd117 100644 --- a/src/cli/service/service-delete.ts +++ b/src/cli/service/service-delete.ts @@ -3,9 +3,10 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; import { deleteService, deleteServices } from '../../ops/ServiceOps.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; export default function setup() { - const program = new FrodoCommand('frodo service delete'); + const program = new FrodoCommand('frodo service delete', [], deploymentTypes); interface ServiceDeleteOptions { id?: string; @@ -43,10 +44,10 @@ export default function setup() { const globalConfig = options.global ?? false; - if (options.id && (await getTokens())) { + if (options.id && (await getTokens(false, true, deploymentTypes))) { const outcome = await deleteService(options.id, globalConfig); if (!outcome) process.exitCode = 1; - } else if (options.all && (await getTokens())) { + } else if (options.all && (await getTokens(false, true, deploymentTypes))) { const outcome = await deleteServices(globalConfig); if (!outcome) process.exitCode = 1; } else { diff --git a/src/cli/service/service-export.ts b/src/cli/service/service-export.ts index 6f4022bbf..f4fe7e1fa 100644 --- a/src/cli/service/service-export.ts +++ b/src/cli/service/service-export.ts @@ -9,8 +9,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo service export'); + const program = new FrodoCommand('frodo service export', [], deploymentTypes); interface ServiceExportOptions { file?: string; @@ -70,7 +72,7 @@ export default function setup() { const globalConfig = options.global ?? false; // export by name - if (options.serviceId && (await getTokens())) { + if (options.serviceId && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting service...'); const outcome = await exportServiceToFile( options.serviceId, @@ -81,7 +83,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a / --all - else if (options.all && (await getTokens())) { + else if (options.all && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all services to a single file...'); const outcome = await exportServicesToFile( options.file, @@ -91,7 +93,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A / --all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Exporting all services to separate files...'); const outcome = await exportServicesToFiles( globalConfig, diff --git a/src/cli/service/service-import.ts b/src/cli/service/service-import.ts index 01e268ca4..1b99d73e1 100644 --- a/src/cli/service/service-import.ts +++ b/src/cli/service/service-import.ts @@ -10,8 +10,10 @@ import { import { printMessage, verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo service import'); + const program = new FrodoCommand('frodo service import', [], deploymentTypes); interface ServiceImportOptions { file?: string; @@ -92,7 +94,7 @@ export default function setup() { : options.currentRealm ?? false; // import by id - if (options.serviceId && options.file && (await getTokens())) { + if (options.serviceId && options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing service...'); const outcome = await importServiceFromFile( options.serviceId, @@ -106,7 +108,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -a / --all - else if (options.all && options.file && (await getTokens())) { + else if (options.all && options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing all services from a single file...'); const outcome = await importServicesFromFile(options.file, { clean, @@ -116,7 +118,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // -A / --all-separate - else if (options.allSeparate && (await getTokens())) { + else if (options.allSeparate && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing all services from separate files...'); const outcome = await importServicesFromFiles({ clean, @@ -126,7 +128,7 @@ export default function setup() { if (!outcome) process.exitCode = 1; } // import file - else if (options.file && (await getTokens())) { + else if (options.file && (await getTokens(false, true, deploymentTypes))) { verboseMessage('Importing service...'); const outcome = await importFirstServiceFromFile(options.file, { clean, diff --git a/src/cli/service/service-list.ts b/src/cli/service/service-list.ts index c303700f1..a7d043438 100644 --- a/src/cli/service/service-list.ts +++ b/src/cli/service/service-list.ts @@ -5,8 +5,10 @@ import { listServices } from '../../ops/ServiceOps.js'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; +const deploymentTypes = ['cloud', 'forgeops','classic']; + export default function setup() { - const program = new FrodoCommand('frodo service list'); + const program = new FrodoCommand('frodo service list', [], deploymentTypes); program .description('List AM services.') @@ -23,7 +25,7 @@ export default function setup() { options, command ); - if (await getTokens()) { + if (await getTokens(false, true, deploymentTypes)) { verboseMessage(`Listing all AM services for realm: ${realm}`); const outcome = await listServices(options.long, options.global); if (!outcome) process.exitCode = 1; diff --git a/src/cli/theme/theme-delete.ts b/src/cli/theme/theme-delete.ts index 5608ceadc..8c2edc244 100644 --- a/src/cli/theme/theme-delete.ts +++ b/src/cli/theme/theme-delete.ts @@ -10,7 +10,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops', 'idm']; export default function setup() { const program = new FrodoCommand('frodo theme delete', [], deploymentTypes); diff --git a/src/cli/theme/theme-export.ts b/src/cli/theme/theme-export.ts index bf7e430a4..1fc0815e3 100644 --- a/src/cli/theme/theme-export.ts +++ b/src/cli/theme/theme-export.ts @@ -11,7 +11,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops', 'idm']; export default function setup() { const program = new FrodoCommand('frodo theme export', [], deploymentTypes); diff --git a/src/cli/theme/theme-import.ts b/src/cli/theme/theme-import.ts index ef3805417..02b3306cb 100644 --- a/src/cli/theme/theme-import.ts +++ b/src/cli/theme/theme-import.ts @@ -12,7 +12,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops', 'idm']; export default function setup() { const program = new FrodoCommand('frodo theme import', [], deploymentTypes); diff --git a/src/cli/theme/theme-list.ts b/src/cli/theme/theme-list.ts index b4681074a..c76773292 100644 --- a/src/cli/theme/theme-list.ts +++ b/src/cli/theme/theme-list.ts @@ -6,7 +6,7 @@ import { listThemes } from '../../ops/ThemeOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops']; +const deploymentTypes = ['cloud', 'forgeops', 'idm']; export default function setup() { const program = new FrodoCommand('frodo theme list', [], deploymentTypes); diff --git a/src/ops/ApplicationOps.ts b/src/ops/ApplicationOps.ts index 1bd52bcc7..258579035 100644 --- a/src/ops/ApplicationOps.ts +++ b/src/ops/ApplicationOps.ts @@ -216,6 +216,7 @@ export async function exportApplicationsToFile( 0, `Exporting applications...` ); + let fileName = getTypedFilename( `all${titleCase(frodo.utils.getRealmName(state.getRealm()))}Applications`, 'application' diff --git a/src/ops/ConfigOps.ts b/src/ops/ConfigOps.ts index 9b1bd28f3..6aa5f2fe6 100644 --- a/src/ops/ConfigOps.ts +++ b/src/ops/ConfigOps.ts @@ -32,6 +32,9 @@ const { } = frodo.utils; const { exportFullConfiguration, importFullConfiguration } = frodo.config; + + + /** * Export everything to separate files * @param {String} file file name diff --git a/src/ops/ThemeOps.ts b/src/ops/ThemeOps.ts index 8bbe91df1..5373a152c 100644 --- a/src/ops/ThemeOps.ts +++ b/src/ops/ThemeOps.ts @@ -80,7 +80,9 @@ export function getTableRowMd(themeObj: ThemeSkeleton): string { */ export async function listThemes(long: boolean = false): Promise { try { + console.log(" is it here beofre freadthemes? ") const themeList = await readThemes(); + console.log("is it here in listThemes?") themeList.sort((a, b) => a.name.localeCompare(b.name)); if (!long) { themeList.forEach((theme) => { diff --git a/~/temp/Connections.json b/~/temp/Connections.json new file mode 100644 index 000000000..9e26dfeeb --- /dev/null +++ b/~/temp/Connections.json @@ -0,0 +1 @@ +{} \ No newline at end of file From 10b920bcd975b67887063bef4e48e382f0f371bb Mon Sep 17 00:00:00 2001 From: Sean Koo Date: Wed, 7 May 2025 11:20:35 -0600 Subject: [PATCH 2/9] Implementing and testing for on prem idm --- src/cli/app/app-delete.ts | 2 +- src/cli/app/app-describe.ts | 2 +- src/cli/app/app-export.ts | 2 +- src/cli/app/app-list.ts | 2 +- src/cli/theme/theme-delete.ts | 2 +- src/cli/theme/theme-export.ts | 2 +- src/cli/theme/theme-import.ts | 2 +- src/cli/theme/theme-list.ts | 2 +- src/ops/ThemeOps.ts | 2 - src/utils/Config.ts | 40 +- ...dd-autoid-static-user-mapping.test.js.snap | 2 +- ...-client-with-admin-privileges.test.js.snap | 2 +- .../admin-get-access-token.test.js.snap | 2 +- ...auth2-client-admin-privileges.test.js.snap | 2 +- ...-generic-extension-attributes.test.js.snap | 2 +- ...clients-with-admin-privileges.test.js.snap | 2 +- ...lients-with-custom-privileges.test.js.snap | 2 +- ...min-list-static-user-mappings.test.js.snap | 2 +- ...in-remove-static-user-mapping.test.js.snap | 2 +- .../admin-repair-org-model.test.js.snap | 2 +- ...auth2-client-admin-privileges.test.js.snap | 2 +- ...-generic-extension-attributes.test.js.snap | 2 +- .../__snapshots__/agent-delete.test.js.snap | 2 +- .../__snapshots__/agent-describe.test.js.snap | 2 +- .../__snapshots__/agent-export.test.js.snap | 2 +- .../agent-gateway-delete.test.js.snap | 2 +- .../agent-gateway-describe.test.js.snap | 2 +- .../agent-gateway-export.test.js.snap | 2 +- .../agent-gateway-import.test.js.snap | 2 +- .../agent-gateway-list.test.js.snap | 2 +- .../__snapshots__/agent-import.test.js.snap | 2 +- .../agent-java-delete.test.js.snap | 2 +- .../agent-java-describe.test.js.snap | 2 +- .../agent-java-export.test.js.snap | 2 +- .../agent-java-import.test.js.snap | 2 +- .../agent-java-list.test.js.snap | 2 +- .../en/__snapshots__/agent-list.test.js.snap | 2 +- .../agent-web-delete.test.js.snap | 2 +- .../agent-web-describe.test.js.snap | 2 +- .../agent-web-export.test.js.snap | 2 +- .../agent-web-import.test.js.snap | 2 +- .../__snapshots__/agent-web-list.test.js.snap | 2 +- .../en/__snapshots__/app-delete.test.js.snap | 2 +- .../en/__snapshots__/app-export.test.js.snap | 2 +- .../en/__snapshots__/app-import.test.js.snap | 2 +- .../en/__snapshots__/app-list.test.js.snap | 2 +- .../__snapshots__/authn-describe.test.js.snap | 2 +- .../__snapshots__/authn-export.test.js.snap | 2 +- .../__snapshots__/authn-import.test.js.snap | 2 +- .../authz-policy-delete.test.js.snap | 2 +- .../authz-policy-describe.test.js.snap | 2 +- .../authz-policy-export.test.js.snap | 2 +- .../authz-policy-import.test.js.snap | 2 +- .../authz-policy-list.test.js.snap | 2 +- .../authz-set-delete.test.js.snap | 2 +- .../authz-set-describe.test.js.snap | 2 +- .../authz-set-export.test.js.snap | 2 +- .../authz-set-import.test.js.snap | 2 +- .../authz-type-delete.test.js.snap | 2 +- .../authz-type-describe.test.js.snap | 2 +- .../authz-type-export.test.js.snap | 2 +- .../authz-type-import.test.js.snap | 2 +- .../authz-type-list.test.js.snap | 2 +- .../__snapshots__/config-export.test.js.snap | 2 +- .../__snapshots__/config-import.test.js.snap | 2 +- .../en/__snapshots__/conn-save.test.js.snap | 8 +- .../email-template-export.test.js.snap | 2 +- .../email-template-import.test.js.snap | 2 +- .../email-template-list.test.js.snap | 2 +- .../en/__snapshots__/esv-apply.test.js.snap | 2 +- .../esv-secret-create.test.js.snap | 2 +- .../esv-secret-delete.test.js.snap | 2 +- .../esv-secret-describe.test.js.snap | 2 +- .../esv-secret-export.test.js.snap | 2 +- .../esv-secret-import.test.js.snap | 2 +- .../esv-secret-list.test.js.snap | 2 +- .../__snapshots__/esv-secret-set.test.js.snap | 2 +- .../esv-secret-version-activate.test.js.snap | 2 +- .../esv-secret-version-create.test.js.snap | 2 +- ...esv-secret-version-deactivate.test.js.snap | 2 +- .../esv-secret-version-delete.test.js.snap | 2 +- .../esv-secret-version-list.test.js.snap | 2 +- .../esv-variable-create.test.js.snap | 2 +- .../esv-variable-delete.test.js.snap | 2 +- .../esv-variable-describe.test.js.snap | 2 +- .../esv-variable-export.test.js.snap | 2 +- .../esv-variable-import.test.js.snap | 2 +- .../esv-variable-list.test.js.snap | 2 +- .../esv-variable-set.test.js.snap | 2 +- .../en/__snapshots__/idm-count.test.js.snap | 2 +- .../en/__snapshots__/idm-delete.test.js.snap | 2 +- .../en/__snapshots__/idm-export.test.js.snap | 2 +- .../en/__snapshots__/idm-import.test.js.snap | 2 +- .../en/__snapshots__/idm-list.test.js.snap | 2 +- .../idm-schema-object-export.test.js.snap | 2 +- .../idm-schema-object-import.test.js.snap | 2 +- .../en/__snapshots__/idp-delete.test.js.snap | 2 +- .../en/__snapshots__/idp-export.test.js.snap | 2 +- .../en/__snapshots__/idp-import.test.js.snap | 2 +- .../en/__snapshots__/idp-list.test.js.snap | 2 +- .../en/__snapshots__/info.test.js.snap | 2 +- .../__snapshots__/journey-delete.test.js.snap | 2 +- .../journey-describe.test.js.snap | 2 +- .../journey-disable.test.js.snap | 2 +- .../__snapshots__/journey-enable.test.js.snap | 2 +- .../__snapshots__/journey-export.test.js.snap | 2 +- .../__snapshots__/journey-import.test.js.snap | 2 +- .../__snapshots__/journey-list.test.js.snap | 2 +- .../__snapshots__/journey-prune.test.js.snap | 2 +- .../en/__snapshots__/log-fetch.test.js.snap | 4 +- .../en/__snapshots__/log-list.test.js.snap | 4 +- .../en/__snapshots__/log-tail.test.js.snap | 4 +- .../__snapshots__/mapping-delete.test.js.snap | 2 +- .../__snapshots__/mapping-export.test.js.snap | 2 +- .../__snapshots__/mapping-import.test.js.snap | 2 +- .../__snapshots__/mapping-list.test.js.snap | 2 +- .../__snapshots__/mapping-rename.test.js.snap | 2 +- .../oauth-client-delete.test.js.snap | 2 +- .../oauth-client-export.test.js.snap | 2 +- .../oauth-client-import.test.js.snap | 2 +- .../oauth-client-list.test.js.snap | 2 +- .../en/__snapshots__/promote.test.js.snap | 2 +- .../realm-add-custom-domain.test.js.snap | 2 +- .../__snapshots__/realm-describe.test.js.snap | 2 +- .../__snapshots__/realm-export.test.js.snap | 2 +- .../__snapshots__/realm-import.test.js.snap | 2 +- .../en/__snapshots__/realm-list.test.js.snap | 2 +- .../realm-remove-custom-domain.test.js.snap | 2 +- .../en/__snapshots__/role-export.test.js.snap | 2 +- .../en/__snapshots__/role-import.test.js.snap | 2 +- .../en/__snapshots__/role-list.test.js.snap | 2 +- .../saml-cot-export.test.js.snap | 2 +- .../saml-cot-import.test.js.snap | 2 +- .../__snapshots__/saml-cot-list.test.js.snap | 2 +- .../en/__snapshots__/saml-delete.test.js.snap | 2 +- .../__snapshots__/saml-describe.test.js.snap | 2 +- .../en/__snapshots__/saml-export.test.js.snap | 2 +- .../en/__snapshots__/saml-import.test.js.snap | 2 +- .../en/__snapshots__/saml-list.test.js.snap | 2 +- .../saml-metadata-export.test.js.snap | 2 +- .../__snapshots__/script-delete.test.js.snap | 2 +- .../script-describe.test.js.snap | 2 +- .../__snapshots__/script-export.test.js.snap | 2 +- .../__snapshots__/script-import.test.js.snap | 2 +- .../en/__snapshots__/script-list.test.js.snap | 2 +- .../__snapshots__/server-export.test.js.snap | 2 +- .../__snapshots__/server-import.test.js.snap | 2 +- .../en/__snapshots__/server-list.test.js.snap | 2 +- .../__snapshots__/service-delete.test.js.snap | 2 +- .../__snapshots__/service-export.test.js.snap | 2 +- .../__snapshots__/service-import.test.js.snap | 2 +- .../__snapshots__/service-list.test.js.snap | 2 +- .../en/__snapshots__/shell.test.js.snap | 2 +- .../__snapshots__/theme-delete.test.js.snap | 2 +- .../__snapshots__/theme-export.test.js.snap | 2 +- .../__snapshots__/theme-import.test.js.snap | 2 +- .../en/__snapshots__/theme-list.test.js.snap | 2 +- .../config-export.e2e.test.js.snap | 86067 ++++++++++------ .../config-import.e2e.test.js.snap | 300 + .../email-template-export.e2e.test.js.snap | 198 + .../email-template-import.e2e.test.js.snap | 4 + .../esv-secret-create.e2e.test.js.snap | 2 +- .../__snapshots__/idm-export.e2e.test.js.snap | 32652 ++++-- .../__snapshots__/idm-import.e2e.test.js.snap | 4 + .../__snapshots__/idp-delete.e2e.test.js.snap | 2 +- .../mapping-export.e2e.test.js.snap | 441 + .../mapping-import.e2e.test.js.snap | 4 + .../role-export.e2e.test.js.snap | 156 + .../role-import.e2e.test.js.snap | 4 + test/e2e/config-export.e2e.test.js | 29 +- test/e2e/config-import.e2e.test.js | 31 +- test/e2e/email-template-export.e2e.test.js | 18 +- test/e2e/email-template-import.e2e.test.js | 17 +- test/e2e/env/Connections.json | 5 + .../forgottenUsername.template.email.json | 20 + .../A-email/registration.template.email.json | 20 + .../A-email/resetPassword.template.email.json | 20 + .../updatePassword.template.email.json | 18 + .../idm/A-email/welcome.template.email.json | 20 + test/e2e/exports/idm/A-idm/access.idm.json | 333 + .../e2e/exports/idm/A-idm/apiVersion.idm.json | 58 + test/e2e/exports/idm/A-idm/audit.idm.json | 123 + .../exports/idm/A-idm/authentication.idm.json | 91 + test/e2e/exports/idm/A-idm/cluster.idm.json | 20 + .../emailTemplate/forgottenUsername.idm.json | 26 + .../A-idm/emailTemplate/registration.idm.json | 26 + .../emailTemplate/resetPassword.idm.json | 26 + .../emailTemplate/updatePassword.idm.json | 24 + .../idm/A-idm/emailTemplate/welcome.idm.json | 26 + .../getavailableuserstoassign.idm.json | 16 + .../endpoint/getprocessesforuser.idm.json | 16 + .../idm/A-idm/endpoint/gettasksview.idm.json | 16 + .../A-idm/endpoint/mappingDetails.idm.json | 17 + .../idm/A-idm/endpoint/oauthproxy.idm.json | 17 + .../removeRepoPathFromRelationships.idm.json | 16 + .../A-idm/endpoint/repairMetadata.idm.json | 16 + ...nternalUserAndInternalRoleEntries.idm.json | 16 + .../endpoint/validateQueryFilter.idm.json | 17 + .../exports/idm/A-idm/external.rest.idm.json | 15 + test/e2e/exports/idm/A-idm/internal.idm.json | 49 + test/e2e/exports/idm/A-idm/managed.idm.json | 1896 + test/e2e/exports/idm/A-idm/metrics.idm.json | 15 + .../notification/passwordUpdate.idm.json | 38 + .../A-idm/notification/profileUpdate.idm.json | 50 + .../idm/A-idm/notificationFactory.idm.json | 23 + test/e2e/exports/idm/A-idm/policy.idm.json | 274 + .../idm/A-idm/privilegeAssignments.idm.json | 38 + .../e2e/exports/idm/A-idm/privileges.idm.json | 736 + .../exports/idm/A-idm/process/access.idm.json | 30 + test/e2e/exports/idm/A-idm/repo.ds.idm.json | 1026 + test/e2e/exports/idm/A-idm/repo.init.idm.json | 64 + test/e2e/exports/idm/A-idm/router.idm.json | 48 + .../A-idm/schedule/taskscan_activate.idm.json | 42 + .../A-idm/schedule/taskscan_expire.idm.json | 42 + test/e2e/exports/idm/A-idm/scheduler.idm.json | 22 + test/e2e/exports/idm/A-idm/script.idm.json | 49 + test/e2e/exports/idm/A-idm/secrets.idm.json | 119 + .../idm/A-idm/selfservice.kba.idm.json | 27 + .../A-idm/selfservice.propertymap.idm.json | 62 + .../idm/A-idm/selfservice.terms.idm.json | 29 + .../idm/A-idm/servletfilter/cors.idm.json | 25 + .../idm/A-idm/servletfilter/payload.idm.json | 21 + .../idm/A-idm/servletfilter/upload.idm.json | 21 + test/e2e/exports/idm/A-idm/sync.idm.json | 216 + .../idm/A-idm/ui.context/admin.idm.json | 22 + .../exports/idm/A-idm/ui.context/api.idm.json | 20 + .../idm/A-idm/ui.context/enduser.idm.json | 21 + .../idm/A-idm/ui.context/oauth.idm.json | 19 + .../idm/A-idm/ui/configuration.idm.json | 40 + .../exports/idm/A-idm/ui/dashboard.idm.json | 205 + .../e2e/exports/idm/A-idm/ui/profile.idm.json | 52 + .../exports/idm/A-idm/ui/themeconfig.idm.json | 38 + test/e2e/exports/idm/A-idm/webserver.idm.json | 23 + .../A-idm/webserver.listener/http.idm.json | 20 + .../A-idm/webserver.listener/https.idm.json | 22 + .../webserver.listener/mutualAuth.idm.json | 23 + .../managedOrganization_managedRole.sync.json | 67 + ...eantestmanagedobject_managedUser.sync.json | 68 + .../A-mapping/sync/seantestmapping.sync.json | 65 + .../exports/idm/A-mapping/sync/sync.idm.json | 19 + .../A-role/openidm-admin.internalRole.json | 19 + .../openidm-authorized.internalRole.json | 19 + .../idm/A-role/openidm-cert.internalRole.json | 19 + .../idm/A-role/openidm-reg.internalRole.json | 19 + .../openidm-tasks-manager.internalRole.json | 19 + .../platform-provisioning.internalRole.json | 19 + .../forgottenUsername.emailTemplate.json | 26 + .../registration.emailTemplate.json | 26 + .../resetPassword.emailTemplate.json | 26 + .../updatePassword.emailTemplate.json | 24 + .../emailTemplate/welcome.emailTemplate.json | 26 + .../exports/idm/A/global/idm/access.idm.json | 333 + .../idm/A/global/idm/apiVersion.idm.json | 58 + .../exports/idm/A/global/idm/audit.idm.json | 123 + .../idm/A/global/idm/authentication.idm.json | 91 + .../exports/idm/A/global/idm/cluster.idm.json | 20 + .../getavailableuserstoassign.idm.json | 16 + .../idm/endpoint/getprocessesforuser.idm.json | 16 + .../global/idm/endpoint/gettasksview.idm.json | 16 + .../idm/endpoint/mappingDetails.idm.json | 17 + .../A/global/idm/endpoint/oauthproxy.idm.json | 17 + .../removeRepoPathFromRelationships.idm.json | 16 + .../idm/endpoint/repairMetadata.idm.json | 16 + ...nternalUserAndInternalRoleEntries.idm.json | 16 + .../idm/endpoint/validateQueryFilter.idm.json | 17 + .../idm/A/global/idm/external.rest.idm.json | 15 + .../idm/A/global/idm/internal.idm.json | 49 + .../exports/idm/A/global/idm/managed.idm.json | 1896 + .../exports/idm/A/global/idm/metrics.idm.json | 15 + .../idm/notification/passwordUpdate.idm.json | 38 + .../idm/notification/profileUpdate.idm.json | 50 + .../A/global/idm/notificationFactory.idm.json | 23 + .../exports/idm/A/global/idm/policy.idm.json | 274 + .../global/idm/privilegeAssignments.idm.json | 38 + .../idm/A/global/idm/privileges.idm.json | 736 + .../idm/A/global/idm/process/access.idm.json | 30 + .../exports/idm/A/global/idm/repo.ds.idm.json | 1026 + .../idm/A/global/idm/repo.init.idm.json | 64 + .../exports/idm/A/global/idm/router.idm.json | 48 + .../idm/schedule/taskscan_activate.idm.json | 42 + .../idm/schedule/taskscan_expire.idm.json | 42 + .../idm/A/global/idm/scheduler.idm.json | 22 + .../exports/idm/A/global/idm/script.idm.json | 49 + .../exports/idm/A/global/idm/secrets.idm.json | 119 + .../idm/A/global/idm/selfservice.kba.idm.json | 27 + .../idm/selfservice.propertymap.idm.json | 62 + .../A/global/idm/selfservice.terms.idm.json | 29 + .../A/global/idm/servletfilter/cors.idm.json | 25 + .../global/idm/servletfilter/payload.idm.json | 21 + .../global/idm/servletfilter/upload.idm.json | 21 + .../A/global/idm/ui.context/admin.idm.json | 22 + .../idm/A/global/idm/ui.context/api.idm.json | 20 + .../A/global/idm/ui.context/enduser.idm.json | 21 + .../A/global/idm/ui.context/oauth.idm.json | 19 + .../A/global/idm/ui/configuration.idm.json | 40 + .../idm/A/global/idm/ui/dashboard.idm.json | 205 + .../idm/A/global/idm/ui/profile.idm.json | 52 + .../idm/A/global/idm/ui/themeconfig.idm.json | 38 + .../idm/A/global/idm/webserver.idm.json | 23 + .../idm/webserver.listener/http.idm.json | 20 + .../idm/webserver.listener/https.idm.json | 22 + .../webserver.listener/mutualAuth.idm.json | 23 + .../openidm-admin.internalRole.json | 19 + .../openidm-authorized.internalRole.json | 19 + .../openidm-cert.internalRole.json | 19 + .../openidm-reg.internalRole.json | 19 + .../openidm-tasks-manager.internalRole.json | 19 + .../platform-provisioning.internalRole.json | 19 + .../A/global/sync/seantestmapping.sync.json | 65 + .../exports/idm/A/global/sync/sync.idm.json | 17 + test/e2e/exports/idm/all.config.json | 5688 + test/e2e/exports/idm/all.idm.json | 5766 ++ .../idm/allEmailTemplates.template.email.json | 84 + .../idm/allInternalRoles.internalRole.json | 59 + test/e2e/exports/idm/allMappings.mapping.json | 215 + test/e2e/idm-export.e2e.test.js | 19 +- test/e2e/idm-import.e2e.test.js | 16 +- test/e2e/mapping-export.e2e.test.js | 18 +- test/e2e/mapping-import.e2e.test.js | 17 +- .../openidm_3290118515/recording.har | 8562 ++ .../openidm_3290118515/recording.har | 8562 ++ .../openidm_3290118515/recording.har | 8562 ++ .../openidm_3290118515/recording.har | 8562 ++ .../openidm_3290118515/recording.har | 8562 ++ .../openidm_3290118515/recording.har | 8562 ++ .../openidm_3290118515/recording.har | 9482 ++ .../openidm_3290118515/recording.har | 9482 ++ .../mocks/default_2470140894/recording.har | 8377 +- .../openidm_3290118515/recording.har | 163 + .../openidm_3290118515/recording.har | 163 + .../openidm_3290118515/recording.har | 754 + .../openidm_3290118515/recording.har | 754 + .../openidm_3290118515/recording.har | 8265 ++ .../openidm_3290118515/recording.har | 8265 ++ .../openidm_3290118515/recording.har | 8450 ++ .../openidm_3290118515/recording.har | 8450 ++ .../openidm_3290118515/recording.har | 302 + .../openidm_3290118515/recording.har | 302 + .../openidm_3290118515/recording.har | 306 + .../openidm_3290118515/recording.har | 306 + .../openidm_3290118515/recording.har | 162 + .../openidm_3290118515/recording.har | 162 + .../openidm_3290118515/recording.har | 902 + test/e2e/role-export.e2e.test.js | 21 +- test/e2e/role-import.e2e.test.js | 21 +- test/e2e/utils/TestConfig.js | 8 + test/e2e/utils/TestUtils.js | 3 +- 347 files changed, 216861 insertions(+), 44966 deletions(-) create mode 100644 test/e2e/exports/idm/A-email/forgottenUsername.template.email.json create mode 100644 test/e2e/exports/idm/A-email/registration.template.email.json create mode 100644 test/e2e/exports/idm/A-email/resetPassword.template.email.json create mode 100644 test/e2e/exports/idm/A-email/updatePassword.template.email.json create mode 100644 test/e2e/exports/idm/A-email/welcome.template.email.json create mode 100644 test/e2e/exports/idm/A-idm/access.idm.json create mode 100644 test/e2e/exports/idm/A-idm/apiVersion.idm.json create mode 100644 test/e2e/exports/idm/A-idm/audit.idm.json create mode 100644 test/e2e/exports/idm/A-idm/authentication.idm.json create mode 100644 test/e2e/exports/idm/A-idm/cluster.idm.json create mode 100644 test/e2e/exports/idm/A-idm/emailTemplate/forgottenUsername.idm.json create mode 100644 test/e2e/exports/idm/A-idm/emailTemplate/registration.idm.json create mode 100644 test/e2e/exports/idm/A-idm/emailTemplate/resetPassword.idm.json create mode 100644 test/e2e/exports/idm/A-idm/emailTemplate/updatePassword.idm.json create mode 100644 test/e2e/exports/idm/A-idm/emailTemplate/welcome.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/getavailableuserstoassign.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/getprocessesforuser.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/gettasksview.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/mappingDetails.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/oauthproxy.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/removeRepoPathFromRelationships.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/repairMetadata.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/updateInternalUserAndInternalRoleEntries.idm.json create mode 100644 test/e2e/exports/idm/A-idm/endpoint/validateQueryFilter.idm.json create mode 100644 test/e2e/exports/idm/A-idm/external.rest.idm.json create mode 100644 test/e2e/exports/idm/A-idm/internal.idm.json create mode 100644 test/e2e/exports/idm/A-idm/managed.idm.json create mode 100644 test/e2e/exports/idm/A-idm/metrics.idm.json create mode 100644 test/e2e/exports/idm/A-idm/notification/passwordUpdate.idm.json create mode 100644 test/e2e/exports/idm/A-idm/notification/profileUpdate.idm.json create mode 100644 test/e2e/exports/idm/A-idm/notificationFactory.idm.json create mode 100644 test/e2e/exports/idm/A-idm/policy.idm.json create mode 100644 test/e2e/exports/idm/A-idm/privilegeAssignments.idm.json create mode 100644 test/e2e/exports/idm/A-idm/privileges.idm.json create mode 100644 test/e2e/exports/idm/A-idm/process/access.idm.json create mode 100644 test/e2e/exports/idm/A-idm/repo.ds.idm.json create mode 100644 test/e2e/exports/idm/A-idm/repo.init.idm.json create mode 100644 test/e2e/exports/idm/A-idm/router.idm.json create mode 100644 test/e2e/exports/idm/A-idm/schedule/taskscan_activate.idm.json create mode 100644 test/e2e/exports/idm/A-idm/schedule/taskscan_expire.idm.json create mode 100644 test/e2e/exports/idm/A-idm/scheduler.idm.json create mode 100644 test/e2e/exports/idm/A-idm/script.idm.json create mode 100644 test/e2e/exports/idm/A-idm/secrets.idm.json create mode 100644 test/e2e/exports/idm/A-idm/selfservice.kba.idm.json create mode 100644 test/e2e/exports/idm/A-idm/selfservice.propertymap.idm.json create mode 100644 test/e2e/exports/idm/A-idm/selfservice.terms.idm.json create mode 100644 test/e2e/exports/idm/A-idm/servletfilter/cors.idm.json create mode 100644 test/e2e/exports/idm/A-idm/servletfilter/payload.idm.json create mode 100644 test/e2e/exports/idm/A-idm/servletfilter/upload.idm.json create mode 100644 test/e2e/exports/idm/A-idm/sync.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui.context/admin.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui.context/api.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui.context/enduser.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui.context/oauth.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui/configuration.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui/dashboard.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui/profile.idm.json create mode 100644 test/e2e/exports/idm/A-idm/ui/themeconfig.idm.json create mode 100644 test/e2e/exports/idm/A-idm/webserver.idm.json create mode 100644 test/e2e/exports/idm/A-idm/webserver.listener/http.idm.json create mode 100644 test/e2e/exports/idm/A-idm/webserver.listener/https.idm.json create mode 100644 test/e2e/exports/idm/A-idm/webserver.listener/mutualAuth.idm.json create mode 100644 test/e2e/exports/idm/A-mapping/sync/managedOrganization_managedRole.sync.json create mode 100644 test/e2e/exports/idm/A-mapping/sync/managedSeantestmanagedobject_managedUser.sync.json create mode 100644 test/e2e/exports/idm/A-mapping/sync/seantestmapping.sync.json create mode 100644 test/e2e/exports/idm/A-mapping/sync/sync.idm.json create mode 100644 test/e2e/exports/idm/A-role/openidm-admin.internalRole.json create mode 100644 test/e2e/exports/idm/A-role/openidm-authorized.internalRole.json create mode 100644 test/e2e/exports/idm/A-role/openidm-cert.internalRole.json create mode 100644 test/e2e/exports/idm/A-role/openidm-reg.internalRole.json create mode 100644 test/e2e/exports/idm/A-role/openidm-tasks-manager.internalRole.json create mode 100644 test/e2e/exports/idm/A-role/platform-provisioning.internalRole.json create mode 100644 test/e2e/exports/idm/A/global/emailTemplate/forgottenUsername.emailTemplate.json create mode 100644 test/e2e/exports/idm/A/global/emailTemplate/registration.emailTemplate.json create mode 100644 test/e2e/exports/idm/A/global/emailTemplate/resetPassword.emailTemplate.json create mode 100644 test/e2e/exports/idm/A/global/emailTemplate/updatePassword.emailTemplate.json create mode 100644 test/e2e/exports/idm/A/global/emailTemplate/welcome.emailTemplate.json create mode 100644 test/e2e/exports/idm/A/global/idm/access.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/apiVersion.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/audit.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/authentication.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/cluster.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/getavailableuserstoassign.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/getprocessesforuser.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/gettasksview.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/mappingDetails.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/oauthproxy.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/removeRepoPathFromRelationships.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/repairMetadata.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/updateInternalUserAndInternalRoleEntries.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/endpoint/validateQueryFilter.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/external.rest.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/internal.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/managed.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/metrics.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/notification/passwordUpdate.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/notification/profileUpdate.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/notificationFactory.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/policy.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/privilegeAssignments.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/privileges.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/process/access.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/repo.ds.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/repo.init.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/router.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/schedule/taskscan_activate.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/schedule/taskscan_expire.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/scheduler.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/script.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/secrets.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/selfservice.kba.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/selfservice.propertymap.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/selfservice.terms.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/servletfilter/cors.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/servletfilter/payload.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/servletfilter/upload.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui.context/admin.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui.context/api.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui.context/enduser.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui.context/oauth.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui/configuration.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui/dashboard.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui/profile.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/ui/themeconfig.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/webserver.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/webserver.listener/http.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/webserver.listener/https.idm.json create mode 100644 test/e2e/exports/idm/A/global/idm/webserver.listener/mutualAuth.idm.json create mode 100644 test/e2e/exports/idm/A/global/internalRole/openidm-admin.internalRole.json create mode 100644 test/e2e/exports/idm/A/global/internalRole/openidm-authorized.internalRole.json create mode 100644 test/e2e/exports/idm/A/global/internalRole/openidm-cert.internalRole.json create mode 100644 test/e2e/exports/idm/A/global/internalRole/openidm-reg.internalRole.json create mode 100644 test/e2e/exports/idm/A/global/internalRole/openidm-tasks-manager.internalRole.json create mode 100644 test/e2e/exports/idm/A/global/internalRole/platform-provisioning.internalRole.json create mode 100644 test/e2e/exports/idm/A/global/sync/seantestmapping.sync.json create mode 100644 test/e2e/exports/idm/A/global/sync/sync.idm.json create mode 100644 test/e2e/exports/idm/all.config.json create mode 100644 test/e2e/exports/idm/all.idm.json create mode 100644 test/e2e/exports/idm/allEmailTemplates.template.email.json create mode 100644 test/e2e/exports/idm/allInternalRoles.internalRole.json create mode 100644 test/e2e/exports/idm/allMappings.mapping.json create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_aD_4129875621/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_aD_f_3100536376/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_aD_f_m_1997968728/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_af_3559436575/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/export_4211608755/0_af_m_950605143/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/import_288002260/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/config_603940551/import_288002260/0_af_3559436575/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/email_2324124615/template-export_3631781680/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/email_2324124615/template-export_3631781680/0_aD_m_3016648281/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/email_2324124615/template-import_729844655/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/email_2324124615/template-import_729844655/0_af_m_950605143/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/idm_2060434423/export_4211608755/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/idm_2060434423/export_4211608755/0_aD_m_3016648281/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/idm_2060434423/import_288002260/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/idm_2060434423/import_288002260/0_af_m_950605143/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/mapping_637820293/export_4211608755/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/mapping_637820293/export_4211608755/0_aD_m_3016648281/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/mapping_637820293/import_288002260/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/mapping_637820293/import_288002260/0_af_m_950605143/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/role_268382745/export_4211608755/0_AD_m_4209801721/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/role_268382745/export_4211608755/0_aD_m_3016648281/openidm_3290118515/recording.har create mode 100644 test/e2e/mocks/role_268382745/import_288002260/0_af_m_950605143/openidm_3290118515/recording.har diff --git a/src/cli/app/app-delete.ts b/src/cli/app/app-delete.ts index 02ce5af25..2e359a098 100644 --- a/src/cli/app/app-delete.ts +++ b/src/cli/app/app-delete.ts @@ -9,7 +9,7 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops','idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo app delete', [], deploymentTypes); diff --git a/src/cli/app/app-describe.ts b/src/cli/app/app-describe.ts index 91ee425e2..06e5d3cfc 100644 --- a/src/cli/app/app-describe.ts +++ b/src/cli/app/app-describe.ts @@ -4,7 +4,7 @@ import * as s from '../../help/SampleData'; import { getTokens } from '../../ops/AuthenticateOps'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops','idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo app describe', [], deploymentTypes); diff --git a/src/cli/app/app-export.ts b/src/cli/app/app-export.ts index c191ecb09..b20757f52 100644 --- a/src/cli/app/app-export.ts +++ b/src/cli/app/app-export.ts @@ -10,7 +10,7 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops','idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo app export', [], deploymentTypes); diff --git a/src/cli/app/app-list.ts b/src/cli/app/app-list.ts index f715c76ac..16e8f7d08 100644 --- a/src/cli/app/app-list.ts +++ b/src/cli/app/app-list.ts @@ -6,7 +6,7 @@ import { getTokens } from '../../ops/AuthenticateOps'; import { verboseMessage } from '../../utils/Console.js'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops','idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo app list', [], deploymentTypes); diff --git a/src/cli/theme/theme-delete.ts b/src/cli/theme/theme-delete.ts index 8c2edc244..5608ceadc 100644 --- a/src/cli/theme/theme-delete.ts +++ b/src/cli/theme/theme-delete.ts @@ -10,7 +10,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops', 'idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo theme delete', [], deploymentTypes); diff --git a/src/cli/theme/theme-export.ts b/src/cli/theme/theme-export.ts index 1fc0815e3..bf7e430a4 100644 --- a/src/cli/theme/theme-export.ts +++ b/src/cli/theme/theme-export.ts @@ -11,7 +11,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops', 'idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo theme export', [], deploymentTypes); diff --git a/src/cli/theme/theme-import.ts b/src/cli/theme/theme-import.ts index 02b3306cb..ef3805417 100644 --- a/src/cli/theme/theme-import.ts +++ b/src/cli/theme/theme-import.ts @@ -12,7 +12,7 @@ import { import { printMessage, verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops', 'idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo theme import', [], deploymentTypes); diff --git a/src/cli/theme/theme-list.ts b/src/cli/theme/theme-list.ts index c76773292..b4681074a 100644 --- a/src/cli/theme/theme-list.ts +++ b/src/cli/theme/theme-list.ts @@ -6,7 +6,7 @@ import { listThemes } from '../../ops/ThemeOps'; import { verboseMessage } from '../../utils/Console'; import { FrodoCommand } from '../FrodoCommand'; -const deploymentTypes = ['cloud', 'forgeops', 'idm']; +const deploymentTypes = ['cloud', 'forgeops']; export default function setup() { const program = new FrodoCommand('frodo theme list', [], deploymentTypes); diff --git a/src/ops/ThemeOps.ts b/src/ops/ThemeOps.ts index 5373a152c..8bbe91df1 100644 --- a/src/ops/ThemeOps.ts +++ b/src/ops/ThemeOps.ts @@ -80,9 +80,7 @@ export function getTableRowMd(themeObj: ThemeSkeleton): string { */ export async function listThemes(long: boolean = false): Promise { try { - console.log(" is it here beofre freadthemes? ") const themeList = await readThemes(); - console.log("is it here in listThemes?") themeList.sort((a, b) => a.name.localeCompare(b.name)); if (!long) { themeList.forEach((theme) => { diff --git a/src/utils/Config.ts b/src/utils/Config.ts index 8e1a84aa6..b8c8b38b4 100644 --- a/src/utils/Config.ts +++ b/src/utils/Config.ts @@ -107,23 +107,29 @@ export async function getFullExportConfig( export async function getFullExportConfigFromDirectory( directory: string ): Promise { - const realms = fs.readdirSync(directory + '/realm'); + let realms = {} as string[]; + let realmInterface; + if (state.getDeploymentType() !== 'idm') { + realms = fs.readdirSync(directory + '/realm') + realmInterface = Object.fromEntries( + realms.map((r) => [r, {} as FullRealmExportInterface])); + } const fullExportConfig: FullExportInterface = { meta: {} as ExportMetaData, global: {} as unknown as FullGlobalExportInterface, - realm: Object.fromEntries( - realms.map((r) => [r, {} as FullRealmExportInterface]) - ), + realm: realmInterface, } as FullExportInterface; // Get global await getConfig(fullExportConfig.global, undefined, directory + '/global'); // Get realms - for (const realm of realms) { - await getConfig( - fullExportConfig.realm[realm], - undefined, - directory + '/realm/' + realm - ); + if (state.getDeploymentType() !== 'idm') { + for (const realm of realms) { + await getConfig( + fullExportConfig.realm[realm], + undefined, + directory + '/realm/' + realm + ); + } } return fullExportConfig; } @@ -318,14 +324,14 @@ export function getIdLocations( configuration, isEsv ? // For ESV ids, they contain either letters, numbers, dashes, or underscores. The dashes get replaced with periods (escaped with a \ for the regex) - // since anywhere they are being used they will be used with periods, not dashes. Note that the (?:[^a-z0-9._]|$) expressions at the beginning and - // end are meant to ensure that the id found is not a substring of some other id (i.e. the id found must either be at the beginning or end of the - // string, or if in the middle of a string, is not preceded or followed by a character that would be part of another id). - new RegExp( - `(?:[^a-z0-9._]|^)${id.replaceAll('-', '\\.')}(?:[^a-z0-9._]|$)` - ) + // since anywhere they are being used they will be used with periods, not dashes. Note that the (?:[^a-z0-9._]|$) expressions at the beginning and + // end are meant to ensure that the id found is not a substring of some other id (i.e. the id found must either be at the beginning or end of the + // string, or if in the middle of a string, is not preceded or followed by a character that would be part of another id). + new RegExp( + `(?:[^a-z0-9._]|^)${id.replaceAll('-', '\\.')}(?:[^a-z0-9._]|$)` + ) : // For normal ids, they contain only letters, numbers, or dashes. - new RegExp(`(?:[^a-z0-9-]|^)${id}(?:[^a-z0-9-]|$)`) + new RegExp(`(?:[^a-z0-9-]|^)${id}(?:[^a-z0-9-]|$)`) ); } diff --git a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap index b55c8d804..75c9ab8f7 100644 --- a/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-add-autoid-static-user-mapping.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap index 255e07e34..7bd0429b4 100644 --- a/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-create-oauth2-client-with-admin-privileges.test.js.snap @@ -91,7 +91,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-llt-esv Don't store the token in a secret and output to console instead. This option diff --git a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap index 3c97ee932..7cdc976cc 100644 --- a/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-get-access-token.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -s, --client-secret [secret] Client secret. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap index 0d949b256..ea34e35dd 100644 --- a/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-grant-oauth2-client-admin-privileges.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap index 96e5fe6fd..2a0eab543 100644 --- a/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-hide-generic-extension-attributes.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap index 998383de8..b4a114bf7 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-admin-privileges.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap index 922e02437..ae12e0e56 100644 --- a/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-oauth2-clients-with-custom-privileges.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap index 6235f9b95..40fb0222a 100644 --- a/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-list-static-user-mappings.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap index 550ca843e..3dfcfda8c 100644 --- a/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-remove-static-user-mapping.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap index a1b861397..05ec23b8a 100644 --- a/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-repair-org-model.test.js.snap @@ -77,7 +77,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap index ec5b8fef1..b7115c067 100644 --- a/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-revoke-oauth2-client-admin-privileges.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap index df5163fc9..b757bc5cb 100644 --- a/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap +++ b/test/client_cli/en/__snapshots__/admin-show-generic-extension-attributes.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap index 8723663b1..e5f68d0fb 100644 --- a/test/client_cli/en/__snapshots__/agent-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-delete.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap index c51ae5e4e..37ee4abe3 100644 --- a/test/client_cli/en/__snapshots__/agent-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-export.test.js.snap index 140f21f16..5202032a9 100644 --- a/test/client_cli/en/__snapshots__/agent-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap index bc58fdf8f..c9c83c144 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap index 79f939fb4..a81b5797d 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap index ce89b195a..c44242797 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap index d67b2c9f2..b6c5e9610 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap index d9fbf7810..543b0b891 100644 --- a/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-gateway-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-import.test.js.snap index 3d8bb5213..f97158839 100644 --- a/test/client_cli/en/__snapshots__/agent-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap index c2624a67d..33d3d961e 100644 --- a/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-delete.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap index 2cfbf6770..91e84b832 100644 --- a/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap index 940f712c9..82eee9656 100644 --- a/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap index 53afa6b74..b582ec7e2 100644 --- a/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap index 45b53f8c9..6a4046ca5 100644 --- a/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-java-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-list.test.js.snap index 6700357b3..744da79de 100644 --- a/test/client_cli/en/__snapshots__/agent-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap index a311eab31..f095d2c42 100644 --- a/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap index b82e5ab1a..85b3fc0b8 100644 --- a/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap index 2a817336e..50a9d6ec2 100644 --- a/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap index 4649f8318..32afb4a18 100644 --- a/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap index 5f1331447..7af59f4cf 100644 --- a/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/agent-web-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/app-delete.test.js.snap b/test/client_cli/en/__snapshots__/app-delete.test.js.snap index 592f2d02d..02f49ff94 100644 --- a/test/client_cli/en/__snapshots__/app-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/app-export.test.js.snap b/test/client_cli/en/__snapshots__/app-export.test.js.snap index 1de27341d..da396fda5 100644 --- a/test/client_cli/en/__snapshots__/app-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/app-import.test.js.snap b/test/client_cli/en/__snapshots__/app-import.test.js.snap index 0f4513e73..cdea09887 100644 --- a/test/client_cli/en/__snapshots__/app-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/app-list.test.js.snap b/test/client_cli/en/__snapshots__/app-list.test.js.snap index 5766b42f9..6fcbfa2dc 100644 --- a/test/client_cli/en/__snapshots__/app-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/app-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap index 9529aeaca..3ab653462 100644 --- a/test/client_cli/en/__snapshots__/authn-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authn-export.test.js.snap b/test/client_cli/en/__snapshots__/authn-export.test.js.snap index a205c3e38..cc09c7b72 100644 --- a/test/client_cli/en/__snapshots__/authn-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-export.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authn-import.test.js.snap b/test/client_cli/en/__snapshots__/authn-import.test.js.snap index e1bdc4073..437693a72 100644 --- a/test/client_cli/en/__snapshots__/authn-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authn-import.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap index 744499154..49495c6a4 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap index a57f9a3f6..1d57d51fa 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap index f574540ab..98b6f309f 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap index 18ce5583e..09f1dc204 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not import dependencies (scripts) even if they are available in the import diff --git a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap index bf357cc9a..3fb17f780 100644 --- a/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-policy-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap index 390602502..e03e6e026 100644 --- a/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap index 7eb683e1e..b488af397 100644 --- a/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap index 073ee7c73..d9bba2695 100644 --- a/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap index ac611010f..858e63a3f 100644 --- a/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-set-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (policies, scripts). diff --git a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap index 9197713ce..79d04dc3d 100644 --- a/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. If specified, -a is ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap index a372d1b2f..b0b042202 100644 --- a/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. --no-cache Disable token cache for this operation. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap index f1937ef7c..136d20455 100644 --- a/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap index b72e1a2ec..94c65b5cb 100644 --- a/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --type-name Resource type name. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap index d517950ce..9d7f2034a 100644 --- a/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/authz-type-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/config-export.test.js.snap b/test/client_cli/en/__snapshots__/config-export.test.js.snap index 4b7ffd871..9d59b5666 100644 --- a/test/client_cli/en/__snapshots__/config-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-export.test.js.snap @@ -97,7 +97,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/config-import.test.js.snap b/test/client_cli/en/__snapshots__/config-import.test.js.snap index f1b55e7e6..b1969a6ff 100644 --- a/test/client_cli/en/__snapshots__/config-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/config-import.test.js.snap @@ -94,7 +94,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --re-uuid-journeys Generate new UUIDs for all journey nodes during import. (default: off) diff --git a/test/client_cli/en/__snapshots__/conn-save.test.js.snap b/test/client_cli/en/__snapshots__/conn-save.test.js.snap index 6bc294566..3d8808957 100644 --- a/test/client_cli/en/__snapshots__/conn-save.test.js.snap +++ b/test/client_cli/en/__snapshots__/conn-save.test.js.snap @@ -28,7 +28,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. @@ -96,7 +96,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. @@ -164,7 +164,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. @@ -232,7 +232,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --no-log-api Do not create and add log API key and secret. --no-sa Do not create and add service account. diff --git a/test/client_cli/en/__snapshots__/email-template-export.test.js.snap b/test/client_cli/en/__snapshots__/email-template-export.test.js.snap index 3053f1191..3050770bb 100644 --- a/test/client_cli/en/__snapshots__/email-template-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/email-template-import.test.js.snap b/test/client_cli/en/__snapshots__/email-template-import.test.js.snap index 3ec645b61..36b1f92f0 100644 --- a/test/client_cli/en/__snapshots__/email-template-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --raw Import raw email template files. Raw templates do not contain the id/name, diff --git a/test/client_cli/en/__snapshots__/email-template-list.test.js.snap b/test/client_cli/en/__snapshots__/email-template-list.test.js.snap index 190cab019..c405d106f 100644 --- a/test/client_cli/en/__snapshots__/email-template-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/email-template-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-apply.test.js.snap b/test/client_cli/en/__snapshots__/esv-apply.test.js.snap index 65ed568a1..d2b1d6b46 100644 --- a/test/client_cli/en/__snapshots__/esv-apply.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-apply.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-wait Don't wait for the updates to finish applying. diff --git a/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap index 9c4f96b97..72e9d5765 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-create.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-use-in-placeholders Secret cannot be used in placeholders. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap index 9720ca71d..67169ce31 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-delete.test.js.snap @@ -71,7 +71,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap index 5629e72e7..8238675f5 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap index 6f5f6cce3..c0a42da3d 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-export.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap index 6a790b0dc..a0311175f 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-import.test.js.snap @@ -84,7 +84,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap index 20dc280b3..0a33b3cd9 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap index 441356f70..9a07b8cf8 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-set.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap index f14c2bbff..03ddf6447 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-activate.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap index 53f96e356..c9f2f4f79 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-create.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap index 51a18724f..d2ea0adec 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-deactivate.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap index b1fbc393e..255e9aec8 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-delete.test.js.snap @@ -71,7 +71,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap index 839962660..6fc12341b 100644 --- a/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-secret-version-list.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap index 57774a259..1575828ea 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-create.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap index bcf382eb6..cec130982 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-delete.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap index e3bfa6d47..196edef46 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-describe.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap index 2e01d8792..f5d8faffc 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-export.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap index 4727ab958..ac88294ac 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-import.test.js.snap @@ -77,7 +77,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap index f40191719..5dfe5f484 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap b/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap index 8237a6b6f..78f4ddd5b 100644 --- a/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap +++ b/test/client_cli/en/__snapshots__/esv-variable-set.test.js.snap @@ -70,7 +70,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-count.test.js.snap b/test/client_cli/en/__snapshots__/idm-count.test.js.snap index 1ceeb4636..bfdf419e1 100644 --- a/test/client_cli/en/__snapshots__/idm-count.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-count.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -o, --managed-object Type of managed object to count. E.g. "alpha_user", "alpha_role", "user", diff --git a/test/client_cli/en/__snapshots__/idm-delete.test.js.snap b/test/client_cli/en/__snapshots__/idm-delete.test.js.snap index aaecb77aa..5671cd406 100644 --- a/test/client_cli/en/__snapshots__/idm-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-delete.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-export.test.js.snap b/test/client_cli/en/__snapshots__/idm-export.test.js.snap index da40cbe0c..9f2253e41 100644 --- a/test/client_cli/en/__snapshots__/idm-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-export.test.js.snap @@ -88,7 +88,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/idm-import.test.js.snap b/test/client_cli/en/__snapshots__/idm-import.test.js.snap index 2365775c9..506f66e5e 100644 --- a/test/client_cli/en/__snapshots__/idm-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-import.test.js.snap @@ -86,7 +86,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-list.test.js.snap b/test/client_cli/en/__snapshots__/idm-list.test.js.snap index 91a77306a..3fdeac7d8 100644 --- a/test/client_cli/en/__snapshots__/idm-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-list.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap b/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap index 4ec904db0..ade223f95 100644 --- a/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-schema-object-export.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap b/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap index 4ec904db0..ade223f95 100644 --- a/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm-schema-object-import.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idp-delete.test.js.snap b/test/client_cli/en/__snapshots__/idp-delete.test.js.snap index 99b7a467a..713962c7a 100644 --- a/test/client_cli/en/__snapshots__/idp-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-delete.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/idp-export.test.js.snap b/test/client_cli/en/__snapshots__/idp-export.test.js.snap index bb57f882f..4dd5af7ca 100644 --- a/test/client_cli/en/__snapshots__/idp-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/idp-import.test.js.snap b/test/client_cli/en/__snapshots__/idp-import.test.js.snap index 6c4130b49..658bee668 100644 --- a/test/client_cli/en/__snapshots__/idp-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/idp-list.test.js.snap b/test/client_cli/en/__snapshots__/idp-list.test.js.snap index 72135d594..dbb15e4a9 100644 --- a/test/client_cli/en/__snapshots__/idp-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp-list.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/info.test.js.snap b/test/client_cli/en/__snapshots__/info.test.js.snap index 7b378eb21..fdf8b4d61 100644 --- a/test/client_cli/en/__snapshots__/info.test.js.snap +++ b/test/client_cli/en/__snapshots__/info.test.js.snap @@ -69,7 +69,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-delete.test.js.snap b/test/client_cli/en/__snapshots__/journey-delete.test.js.snap index 8645489e1..d6a623a0a 100644 --- a/test/client_cli/en/__snapshots__/journey-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/journey-describe.test.js.snap b/test/client_cli/en/__snapshots__/journey-describe.test.js.snap index 2be83270d..e2571badf 100644 --- a/test/client_cli/en/__snapshots__/journey-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-describe.test.js.snap @@ -79,7 +79,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --markdown Output in markdown. --no-cache Disable token cache for this operation. -o, --override-version Override version. Notation: diff --git a/test/client_cli/en/__snapshots__/journey-disable.test.js.snap b/test/client_cli/en/__snapshots__/journey-disable.test.js.snap index 90bbd60d2..b6a700566 100644 --- a/test/client_cli/en/__snapshots__/journey-disable.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-disable.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-enable.test.js.snap b/test/client_cli/en/__snapshots__/journey-enable.test.js.snap index c0dd964b2..57d74a3ec 100644 --- a/test/client_cli/en/__snapshots__/journey-enable.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-enable.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-export.test.js.snap b/test/client_cli/en/__snapshots__/journey-export.test.js.snap index c17a8d94e..8bfdc7c58 100644 --- a/test/client_cli/en/__snapshots__/journey-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/journey-import.test.js.snap b/test/client_cli/en/__snapshots__/journey-import.test.js.snap index 4047dc74b..4cf22c487 100644 --- a/test/client_cli/en/__snapshots__/journey-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts, email templates, SAML entity diff --git a/test/client_cli/en/__snapshots__/journey-list.test.js.snap b/test/client_cli/en/__snapshots__/journey-list.test.js.snap index e9579d4e2..08f01a8bb 100644 --- a/test/client_cli/en/__snapshots__/journey-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/journey-prune.test.js.snap b/test/client_cli/en/__snapshots__/journey-prune.test.js.snap index 7e657abbc..3f51b962d 100644 --- a/test/client_cli/en/__snapshots__/journey-prune.test.js.snap +++ b/test/client_cli/en/__snapshots__/journey-prune.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/log-fetch.test.js.snap b/test/client_cli/en/__snapshots__/log-fetch.test.js.snap index 6c30f8d18..4c01856f8 100644 --- a/test/client_cli/en/__snapshots__/log-fetch.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-fetch.test.js.snap @@ -92,7 +92,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -s, --search-string Filter by a specific string (ANDed with transactionID filter) @@ -219,7 +219,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -s, --search-string Filter by a specific string (ANDed with transactionID filter) diff --git a/test/client_cli/en/__snapshots__/log-list.test.js.snap b/test/client_cli/en/__snapshots__/log-list.test.js.snap index b869cc629..d5dce03c8 100644 --- a/test/client_cli/en/__snapshots__/log-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-list.test.js.snap @@ -68,7 +68,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) @@ -168,7 +168,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/log-tail.test.js.snap b/test/client_cli/en/__snapshots__/log-tail.test.js.snap index ff92e884d..ff986b79b 100644 --- a/test/client_cli/en/__snapshots__/log-tail.test.js.snap +++ b/test/client_cli/en/__snapshots__/log-tail.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) @@ -199,7 +199,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap b/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap index 0711bcf73..d27259c26 100644 --- a/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-delete.test.js.snap @@ -28,7 +28,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) associated with the the service account. diff --git a/test/client_cli/en/__snapshots__/mapping-export.test.js.snap b/test/client_cli/en/__snapshots__/mapping-export.test.js.snap index 065a57e9d..fa71316eb 100644 --- a/test/client_cli/en/__snapshots__/mapping-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-export.test.js.snap @@ -30,7 +30,7 @@ Options: classic: A classic Access Management-only deployment with custom layout and configuration. cloud: A ForgeRock Identity Cloud environment. forgeops: A ForgeOps CDK or CDM deployment. - The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops") + The detected or provided deployment type controls certain behavior like obtaining an Identity Management admin token or not and whether to export/import referenced email templates or how to walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies in export. diff --git a/test/client_cli/en/__snapshots__/mapping-import.test.js.snap b/test/client_cli/en/__snapshots__/mapping-import.test.js.snap index c83159977..0f64db4fa 100644 --- a/test/client_cli/en/__snapshots__/mapping-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/mapping-list.test.js.snap b/test/client_cli/en/__snapshots__/mapping-list.test.js.snap index fa6581dab..52c6c075f 100644 --- a/test/client_cli/en/__snapshots__/mapping-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap b/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap index 8450139b9..5245f2137 100644 --- a/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap +++ b/test/client_cli/en/__snapshots__/mapping-rename.test.js.snap @@ -86,7 +86,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap index f4643f35a..6d5f1a2b1 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deep No deep delete. This leaves orphaned configuration artifacts behind. diff --git a/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap index 10e8aa7f7..d0027129a 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap index 0439dc5a6..eb082cc07 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap index de5402261..8b407940d 100644 --- a/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/promote.test.js.snap b/test/client_cli/en/__snapshots__/promote.test.js.snap index 2f5865035..65b67602b 100644 --- a/test/client_cli/en/__snapshots__/promote.test.js.snap +++ b/test/client_cli/en/__snapshots__/promote.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -M, --master-dir The directory where the master configurations is located. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap b/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap index 0fda55a2e..8bd4214a3 100644 --- a/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-add-custom-domain.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/realm-describe.test.js.snap b/test/client_cli/en/__snapshots__/realm-describe.test.js.snap index 05ef9d0d8..cc6763b19 100644 --- a/test/client_cli/en/__snapshots__/realm-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-describe.test.js.snap @@ -72,7 +72,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/realm-export.test.js.snap b/test/client_cli/en/__snapshots__/realm-export.test.js.snap index b59a2ef07..83b3c65f1 100644 --- a/test/client_cli/en/__snapshots__/realm-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --realm-name Realm name. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/realm-import.test.js.snap b/test/client_cli/en/__snapshots__/realm-import.test.js.snap index 686b58f2b..0d56fd599 100644 --- a/test/client_cli/en/__snapshots__/realm-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --realm-name Realm name. If specified, only one realm is imported and the options -a and -A are ignored. diff --git a/test/client_cli/en/__snapshots__/realm-list.test.js.snap b/test/client_cli/en/__snapshots__/realm-list.test.js.snap index a1effb3ea..a1509b0b7 100644 --- a/test/client_cli/en/__snapshots__/realm-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap b/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap index e3af3148b..729187257 100644 --- a/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap +++ b/test/client_cli/en/__snapshots__/realm-remove-custom-domain.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/role-export.test.js.snap b/test/client_cli/en/__snapshots__/role-export.test.js.snap index 6a59049ee..fd2b2782e 100644 --- a/test/client_cli/en/__snapshots__/role-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/role-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --role-name Internal role name. If specified, only one internal role is exported and the options -a and -A are ignored. diff --git a/test/client_cli/en/__snapshots__/role-import.test.js.snap b/test/client_cli/en/__snapshots__/role-import.test.js.snap index 67196159f..96e589f1c 100644 --- a/test/client_cli/en/__snapshots__/role-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/role-import.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --role-name Internal role name. If specified, only one internal role is imported and the options -a and -A are ignored. diff --git a/test/client_cli/en/__snapshots__/role-list.test.js.snap b/test/client_cli/en/__snapshots__/role-list.test.js.snap index e97092410..cdccff717 100644 --- a/test/client_cli/en/__snapshots__/role-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/role-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap index 0d46a2a79..7a5197937 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap index dc88c059e..5f6f07301 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap b/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap index 86559f430..b12960cd8 100644 --- a/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-cot-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-delete.test.js.snap b/test/client_cli/en/__snapshots__/saml-delete.test.js.snap index 0b4754f19..08f3c62c7 100644 --- a/test/client_cli/en/__snapshots__/saml-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-describe.test.js.snap b/test/client_cli/en/__snapshots__/saml-describe.test.js.snap index 5623e1014..9e31dfcc7 100644 --- a/test/client_cli/en/__snapshots__/saml-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-describe.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-export.test.js.snap index 5056f3887..6143b9e1e 100644 --- a/test/client_cli/en/__snapshots__/saml-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-export.test.js.snap @@ -84,7 +84,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/saml-import.test.js.snap b/test/client_cli/en/__snapshots__/saml-import.test.js.snap index b1192f2ef..5e405c37b 100644 --- a/test/client_cli/en/__snapshots__/saml-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --no-deps Do not include any dependencies (scripts). diff --git a/test/client_cli/en/__snapshots__/saml-list.test.js.snap b/test/client_cli/en/__snapshots__/saml-list.test.js.snap index 5b944cc3f..6480f541e 100644 --- a/test/client_cli/en/__snapshots__/saml-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap b/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap index c19a1d519..ce64912e7 100644 --- a/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/saml-metadata-export.test.js.snap @@ -78,7 +78,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/script-delete.test.js.snap b/test/client_cli/en/__snapshots__/script-delete.test.js.snap index 182e76faf..9a01ae87e 100644 --- a/test/client_cli/en/__snapshots__/script-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/script-describe.test.js.snap b/test/client_cli/en/__snapshots__/script-describe.test.js.snap index a7a5432a4..810c1888a 100644 --- a/test/client_cli/en/__snapshots__/script-describe.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-describe.test.js.snap @@ -78,7 +78,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. --no-cache Disable token cache for this operation. --sa-id Service account id. diff --git a/test/client_cli/en/__snapshots__/script-export.test.js.snap b/test/client_cli/en/__snapshots__/script-export.test.js.snap index fd16724a3..58874c4ec 100644 --- a/test/client_cli/en/__snapshots__/script-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-export.test.js.snap @@ -82,7 +82,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/script-import.test.js.snap b/test/client_cli/en/__snapshots__/script-import.test.js.snap index 72cd828da..8cfadfd55 100644 --- a/test/client_cli/en/__snapshots__/script-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-import.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --script-name Name of the script. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/script-list.test.js.snap b/test/client_cli/en/__snapshots__/script-list.test.js.snap index bf3dc5c33..bdb807feb 100644 --- a/test/client_cli/en/__snapshots__/script-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/script-list.test.js.snap @@ -78,7 +78,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/server-export.test.js.snap b/test/client_cli/en/__snapshots__/server-export.test.js.snap index 9d2d44c20..5c10413c2 100644 --- a/test/client_cli/en/__snapshots__/server-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/server-export.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/server-import.test.js.snap b/test/client_cli/en/__snapshots__/server-import.test.js.snap index 388103399..70aa6a130 100644 --- a/test/client_cli/en/__snapshots__/server-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/server-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/server-list.test.js.snap b/test/client_cli/en/__snapshots__/server-list.test.js.snap index 4e4679fb6..411145253 100644 --- a/test/client_cli/en/__snapshots__/server-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/server-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/service-delete.test.js.snap b/test/client_cli/en/__snapshots__/service-delete.test.js.snap index f56b7f63f..377751ce1 100644 --- a/test/client_cli/en/__snapshots__/service-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-delete.test.js.snap @@ -75,7 +75,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/service-export.test.js.snap b/test/client_cli/en/__snapshots__/service-export.test.js.snap index 3adbd1f42..068172131 100644 --- a/test/client_cli/en/__snapshots__/service-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-export.test.js.snap @@ -80,7 +80,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -N, --no-metadata Does not include metadata in the export file. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/service-import.test.js.snap b/test/client_cli/en/__snapshots__/service-import.test.js.snap index 19ff14e5c..b15ff64ff 100644 --- a/test/client_cli/en/__snapshots__/service-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-import.test.js.snap @@ -83,7 +83,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. -r, --current-realm Import service(s) into the current realm. Use this flag if you exported a diff --git a/test/client_cli/en/__snapshots__/service-list.test.js.snap b/test/client_cli/en/__snapshots__/service-list.test.js.snap index 5b2754504..509097167 100644 --- a/test/client_cli/en/__snapshots__/service-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/service-list.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/shell.test.js.snap b/test/client_cli/en/__snapshots__/shell.test.js.snap index 93a19e872..5a1752203 100644 --- a/test/client_cli/en/__snapshots__/shell.test.js.snap +++ b/test/client_cli/en/__snapshots__/shell.test.js.snap @@ -74,7 +74,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/client_cli/en/__snapshots__/theme-delete.test.js.snap b/test/client_cli/en/__snapshots__/theme-delete.test.js.snap index 620217b5b..219857313 100644 --- a/test/client_cli/en/__snapshots__/theme-delete.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-delete.test.js.snap @@ -76,7 +76,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --theme-name Name of the theme. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/theme-export.test.js.snap b/test/client_cli/en/__snapshots__/theme-export.test.js.snap index cf3edc234..85beaa4d5 100644 --- a/test/client_cli/en/__snapshots__/theme-export.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-export.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --theme-name Name of the theme. If specified, -a and -A are ignored. -N, --no-metadata Does not include metadata in the export diff --git a/test/client_cli/en/__snapshots__/theme-import.test.js.snap b/test/client_cli/en/__snapshots__/theme-import.test.js.snap index 4aa6ee3de..9585ed956 100644 --- a/test/client_cli/en/__snapshots__/theme-import.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-import.test.js.snap @@ -81,7 +81,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") -n, --theme-name Name of the theme. If specified, -a and -A are ignored. --no-cache Disable token cache for this operation. diff --git a/test/client_cli/en/__snapshots__/theme-list.test.js.snap b/test/client_cli/en/__snapshots__/theme-list.test.js.snap index 77796bfe3..deb70478a 100644 --- a/test/client_cli/en/__snapshots__/theme-list.test.js.snap +++ b/test/client_cli/en/__snapshots__/theme-list.test.js.snap @@ -73,7 +73,7 @@ Options: walk through the tenant admin login flow of Identity Cloud and handle MFA (choices: "classic", "cloud", - "forgeops") + "forgeops", "idm") --no-cache Disable token cache for this operation. --sa-id Service account id. --sa-jwk-file File containing the JSON Web Key (JWK) diff --git a/test/e2e/__snapshots__/config-export.e2e.test.js.snap b/test/e2e/__snapshots__/config-export.e2e.test.js.snap index e5381e532..9fba873d5 100644 --- a/test/e2e/__snapshots__/config-export.e2e.test.js.snap +++ b/test/e2e/__snapshots__/config-export.e2e.test.js.snap @@ -252069,155 +252069,9 @@ exports[`frodo config export "frodo config export -AD exportAllTestDir1": should } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate 1`] = `""`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoEmailVerification.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "baselineDemoEmailVerification": { - "_id": "emailTemplate/baselineDemoEmailVerification", - "defaultLocale": "en", - "displayName": "Baseline Demo Email Verification", - "enabled": true, - "from": "security@example.com", - "html": { - "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verification for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "message": { - "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verfication for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #f6f6f6; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - h1 { - font-size: 40px; - text-align: center; -} - h2 { - font-size: 36px; -} - h3 { - font-size: 32px; -} - h4 { - font-size: 28px; -} - h5 { - font-size: 24px; -} - h6 { - font-size: 20px; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 600px -} - .button { - background-color: #109cf1; - border: none; - color: white; - padding: 15px 32px; - text-align: center; - text-decoration: none; - display: inline-block; - font-size: 16px; -} - ", - "subject": { - "en": "Please verify your email address", - }, - "templateId": "baselineDemoEmailVerification", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoMagicLink.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "baselineDemoMagicLink": { - "_id": "emailTemplate/baselineDemoMagicLink", - "defaultLocale": "en", - "displayName": "Baseline Demo Magic Link", - "enabled": true, - "from": "security@example.com", - "html": { - "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "message": { - "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #f6f6f6; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - h1 { - font-size: 40px; - text-align: center; -} - h2 { - font-size: 36px; -} - h3 { - font-size: 32px; -} - h4 { - font-size: 28px; -} - h5 { - font-size: 24px; -} - h6 { - font-size: 20px; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 600px -} - .button { - background-color: #109cf1; - border: none; - color: white; - padding: 15px 32px; - text-align: center; - text-decoration: none; - display: inline-block; - font-size: 16px; -} - ", - "subject": { - "en": "Your sign-in link", - }, - "templateId": "baselineDemoMagicLink", - }, - }, - "meta": Any, -} -`; +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings 1`] = `""`; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/forgottenUsername.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/forgottenUsername.emailTemplate.json 1`] = ` { "emailTemplate": { "forgottenUsername": { @@ -252225,16 +252079,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "defaultLocale": "en", "enabled": true, "from": "", - "html": { - "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", - }, "message": { - "en": "

{{#if object.userName}}Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", - "fr": "
{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", + "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Account Information - username", "fr": "Informations sur le compte - nom d'utilisateur", @@ -252245,293 +252094,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frEmailUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frEmailUpdated": { - "_id": "emailTemplate/frEmailUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account email has changed

Your ForgeRock Identity Cloud email has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your email has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frForgotUsername.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frForgotUsername": { - "_id": "emailTemplate/frForgotUsername", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Forgot your username?

Your username is {{ object.userName }}.

Sign In to Your Account

If you didn't request this, please ignore this email.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Forgot Username", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frOnboarding.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frOnboarding": { - "_id": "emailTemplate/frOnboarding", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account is ready

Your ForgeRock Identity Cloud account is ready. Click the button below to complete registration and access your environment.

Complete Registration

If you did not request this account, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Complete your ForgeRock Identity Cloud registration", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frPasswordUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frPasswordUpdated": { - "_id": "emailTemplate/frPasswordUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account password has changed

Your ForgeRock Identity Cloud password has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your password has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frProfileUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frProfileUpdated": { - "_id": "emailTemplate/frProfileUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account profile has changed

Your ForgeRock Identity Cloud profile has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your profile has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frResetPassword.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frResetPassword": { - "_id": "emailTemplate/frResetPassword", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Reset your password

It seems you have forgotten the password for your ForgeRock Identity Cloud account. Click the button below to reset your password and access your environment.

Reset Password

If you did not request to reset your password, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Reset your password", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frUsernameUpdated.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "frUsernameUpdated": { - "_id": "emailTemplate/frUsernameUpdated", - "defaultLocale": "en", - "enabled": true, - "from": "", - "message": { - "en": "
ForgeRock Logo

Your account username has changed

Your ForgeRock Identity Cloud username has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", - }, - "mimeType": "text/html", - "subject": { - "en": "Your username has been updated", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/idv.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "idv": { - "_id": "emailTemplate/idv", - "defaultLocale": "en", - "description": "Identity Verification Invitation", - "displayName": "idv", - "enabled": true, - "from": "", - "html": { - "en": "

Click the link below to verify your identity:

Verify my identity now

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, - "message": { - "en": "

Click the link below to verify your identity:

Verify my identity now

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, - "mimeType": "text/html", - "name": "registration", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", - "subject": { - "en": "You have been invited to verify your identity", - "fr": "Créer un nouveau compte", - }, - "templateId": "idv", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/joiner.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "joiner": { - "_id": "emailTemplate/joiner", - "advancedEditor": true, - "defaultLocale": "en", - "description": "This email will be sent onCreate of user to the external eMail address provided during creation. An OTP will also be sent to Telephone Number provided during creation to validate the user. The user will then be able to set their password and ForgeRock Push Authenticator", - "displayName": "Joiner", - "enabled": true, - "from": ""Encore HR" ", - "html": { - "en": "", - }, - "message": { - "en": " - - -
-

- -

-

Welcome to Encore {{object.givenName}} {{object.sn}}

-

Please click on the link below to validate your phone number with a One Time Code that will be sent via SMS or called to you depending on your phone type.

-

You will see your UserName and have the ability to set your password that will be used to login to Encore resources.

-

As we believe in enhanced security, you will also be setting up a Push Notification for future use.

- Click to Join Encore -
- -", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - a { - text-decoration: none; - color: #109cf1; -} - .content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} - ", - "subject": { - "en": "Welcome to Encore!", - }, - "templateId": "joiner", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registerPasswordlessDevice.emailTemplate.json 1`] = ` -{ - "emailTemplate": { - "registerPasswordlessDevice": { - "_id": "emailTemplate/registerPasswordlessDevice", - "defaultLocale": "en", - "description": "", - "displayName": "Register Passwordless Device", - "enabled": true, - "from": ""ForgeRock Identity Cloud" ", - "html": { - "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "message": { - "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", - }, - "mimeType": "text/html", - "styles": "body { - background-color: #324054; - color: #455469; - padding: 60px; - text-align: center -} - -a { - text-decoration: none; - color: #109cf1; -} - -.content { - background-color: #fff; - border-radius: 4px; - margin: 0 auto; - padding: 48px; - width: 235px -} -", - "subject": { - "en": "Your magic link is here - register new WebAuthN device", - }, - "templateId": "registerPasswordlessDevice", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registration.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/registration.emailTemplate.json 1`] = ` { "emailTemplate": { "registration": { @@ -252539,16 +252102,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "defaultLocale": "en", "enabled": true, "from": "", - "html": { - "en": "

This is your registration email.

Email verification link

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", - }, "message": { - "en": "

This is your registration email.

Email verification link

", - "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Register new account", "fr": "Créer un nouveau compte", @@ -252559,7 +252117,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/resetPassword.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/resetPassword.emailTemplate.json 1`] = ` { "emailTemplate": { "resetPassword": { @@ -252582,7 +252140,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/updatePassword.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/updatePassword.emailTemplate.json 1`] = ` { "emailTemplate": { "updatePassword": { @@ -252590,14 +252148,10 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "defaultLocale": "en", "enabled": true, "from": "", - "html": { - "en": "

Verify email to update password

Update password link

", - }, "message": { - "en": "

Verify email to update password

Update password link

", + "en": "

Verify email to update password

Update password link

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Update your password", }, @@ -252607,39 +252161,41 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/welcome.emailTemplate.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/emailTemplate/welcome.emailTemplate.json 1`] = ` { "emailTemplate": { "welcome": { "_id": "emailTemplate/welcome", "defaultLocale": "en", - "displayName": "Welcome", "enabled": true, "from": "", - "html": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", - }, "message": { - "en": "

Welcome. Your username is '{{object.userName}}'.

", + "en": "

Welcome to OpenIDM. Your username is '{{object.userName}}'.

", + "fr": "

Bienvenue sur OpenIDM. Votre nom d'utilisateur est '{{object.userName}}'.

", }, "mimeType": "text/html", - "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", "subject": { "en": "Your account has been created", + "fr": "Votre compte vient d’être créé !", }, - "templateId": "welcome", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/access.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/access.idm.json 1`] = ` { "idm": { "access": { "_id": "access", "configs": [ + { + "actions": "", + "methods": "read", + "pattern": "health", + "roles": "*", + }, { "actions": "*", "methods": "read", @@ -252653,17 +252209,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "roles": "*", }, { - "actions": "*", - "methods": "read", - "pattern": "config/fidc/*", + "actions": "validate", + "methods": "action", + "pattern": "util/validateQueryFilter", "roles": "*", }, - { - "actions": "*", - "methods": "*", - "pattern": "config/fidc/*", - "roles": "internal/role/openidm-admin", - }, { "actions": "*", "methods": "read", @@ -252673,25 +252223,14 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "actions": "*", "methods": "read", - "pattern": "config/ui/themerealm", - "roles": "*", - }, - { - "actions": "*", - "methods": "read", - "pattern": "config/uilocale/*", + "pattern": "config/ui/theme-*", "roles": "*", }, { "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled(['registration', 'passwordReset'])", "methods": "read", - "pattern": "config/fieldPolicy/*", - "roles": "internal/role/openidm-authorized", - }, - { - "actions": "*", - "methods": "read", - "pattern": "info/uiconfig", + "pattern": "config/selfservice/kbaConfig", "roles": "*", }, { @@ -252719,10 +252258,23 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "roles": "*", }, { - "actions": "validate", - "methods": "action", - "pattern": "util/validateQueryFilter", - "roles": "internal/role/openidm-authorized", + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/termsAndConditions", + "roles": "*", + }, + { + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/kbaUpdate", + "roles": "*", + }, + { + "actions": "", + "customAuthz": "isMyProfile()", + "methods": "read,query", + "pattern": "profile/*", + "roles": "*", }, { "actions": "*", @@ -252743,6 +252295,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "pattern": "consent", "roles": "internal/role/openidm-authorized", }, + { + "customAuthz": "checkIfApiRequest()", + "methods": "read", + "pattern": "*", + "roles": "internal/role/openidm-admin", + }, { "actions": "*", "excludePatterns": "repo,repo/*", @@ -252832,11 +252390,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "pattern": "selfservice/terms", "roles": "internal/role/platform-provisioning", }, - { - "methods": "read", - "pattern": "identityProviders", - "roles": "internal/role/platform-provisioning", - }, { "actions": "sendTemplate", "methods": "action", @@ -252861,6 +252414,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "pattern": "config/ui/*", "roles": "internal/role/openidm-authorized", }, + { + "actions": "reauthenticate", + "methods": "action", + "pattern": "authentication", + "roles": "internal/role/openidm-authorized", + }, { "actions": "bind,unbind", "customAuthz": "ownDataOnly()", @@ -252870,86 +252429,75 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, { "actions": "patch", - "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', [])", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', []) && reauthIfProtectedAttributeChange()", "methods": "update,patch,action", "pattern": "*", "roles": "internal/role/openidm-authorized", }, { - "actions": "patch", - "customAuthz": "(request.resourcePath === 'selfservice/user/' + context.security.authorization.id) && onlyEditableManagedObjectProperties('user', [])", - "methods": "patch,action", - "pattern": "selfservice/user/*", + "actions": "*", + "methods": "read", + "pattern": "endpoint/getprocessesforuser", "roles": "internal/role/openidm-authorized", }, { - "actions": "patch", - "customAuthz": "isQueryOneOf({'managed/user': ['for-userName']}) && restrictPatchToFields(['password'])", - "methods": "patch,action", - "pattern": "managed/user", - "roles": "internal/role/openidm-cert", + "actions": "*", + "methods": "query", + "pattern": "endpoint/gettasksview", + "roles": "internal/role/openidm-authorized", }, { - "actions": "*", - "customAuthz": "ownRelationshipProperty('_meta', false)", - "methods": "read", - "pattern": "internal/usermeta/*", + "actions": "complete", + "customAuthz": "isMyTask()", + "methods": "action", + "pattern": "workflow/taskinstance/*", "roles": "internal/role/openidm-authorized", }, { "actions": "*", - "customAuthz": "ownRelationshipProperty('_notifications', true)", - "methods": "read,delete", - "pattern": "internal/notification/*", + "customAuthz": "canUpdateTask()", + "methods": "read,update", + "pattern": "workflow/taskinstance/*", "roles": "internal/role/openidm-authorized", }, { "actions": "*", - "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", - "methods": "read,query", - "pattern": "managed/user/*", + "customAuthz": "isAllowedToStartProcess()", + "methods": "create", + "pattern": "workflow/processinstance", "roles": "internal/role/openidm-authorized", }, { - "actions": "", - "customAuthz": "ownDataOnly()", - "methods": "read,delete", - "pattern": "managed/alpha_user/*", + "actions": "read", + "methods": "*", + "pattern": "workflow/processdefinition/*", "roles": "internal/role/openidm-authorized", }, { - "actions": "patch", - "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('alpha_user', [])", - "methods": "update,patch,action", - "pattern": "managed/alpha_user/*", - "roles": "internal/role/openidm-authorized", + "customAuthz": "restrictPatchToFields(['password'])", + "methods": "patch", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-cert", }, { "actions": "*", - "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", - "methods": "read,query", - "pattern": "managed/alpha_user/*", + "customAuthz": "ownRelationshipProperty('_meta', false)", + "methods": "read", + "pattern": "internal/usermeta/*", "roles": "internal/role/openidm-authorized", }, { - "actions": "", - "customAuthz": "ownDataOnly()", + "actions": "*", + "customAuthz": "ownRelationshipProperty('_notifications', true)", "methods": "read,delete", - "pattern": "managed/bravo_user/*", - "roles": "internal/role/openidm-authorized", - }, - { - "actions": "patch", - "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('bravo_user', [])", - "methods": "update,patch,action", - "pattern": "managed/bravo_user/*", + "pattern": "internal/notification/*", "roles": "internal/role/openidm-authorized", }, { "actions": "*", - "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "customAuthz": "ownRelationshipCollection(['idps','_meta','_notifications'])", "methods": "read,query", - "pattern": "managed/bravo_user/*", + "pattern": "managed/user/*", "roles": "internal/role/openidm-authorized", }, { @@ -252966,2005 +252514,470 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/alphaOrgPrivileges.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/apiVersion.idm.json 1`] = ` { "idm": { - "alphaOrgPrivileges": { - "_id": "alphaOrgPrivileges", - "privileges": [ + "apiVersion": { + "_id": "apiVersion", + "warning": { + "enabled": { + "$bool": "&{openidm.apiVersion.warning.enabled|false}", + }, + "includeScripts": { + "$bool": "&{openidm.apiVersion.warning.includeScripts|false}", + }, + "logFilterResourcePaths": [ + "audit", + "authentication", + "cluster", + "config", + "consent", + "csv", + "external/rest", + "identityProviders", + "info", + "internal", + "internal/role", + "internal/user", + "internal/usermeta", + "managed", + "managed/assignment", + "managed/organization", + "managed/role", + "managed/user", + "notification", + "policy", + "privilege", + "profile", + "recon", + "recon/assoc", + "repo", + "selfservice/kba", + "selfservice/terms", + "scheduler/job", + "scheduler/trigger", + "schema", + "sync", + "sync/mappings", + "system", + "taskscanner", + ], + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/audit.idm.json 1`] = ` +{ + "idm": { + "audit": { + "_id": "audit", + "auditServiceConfig": { + "availableAuditEventHandlers": [ + "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", + "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", + "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", + "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", + ], + "caseInsensitiveFields": [ + "/access/http/request/headers", + "/access/http/response/headers", + ], + "filterPolicies": { + "field": { + "excludeIf": [], + "includeIf": [], + }, + }, + "handlerForQueries": "json", + }, + "eventHandlers": [ { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, + "class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "config": { + "buffering": { + "maxSize": 100000, + "writeInterval": "100 millis", }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, + "enabled": { + "$bool": "&{openidm.audit.handler.json.enabled|true}", }, - ], - "actions": [], - "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", - "name": "owner-view-update-delete-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], + "logDirectory": "&{idm.data.dir}/audit", + "name": "json", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], + }, }, { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, + "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.stdout.enabled|false}", }, - ], - "actions": [], - "filter": "/parent pr", - "name": "owner-create-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "CREATE", - ], + "name": "stdout", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], + }, }, { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, + "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.repo.enabled|false}", }, + "name": "repo", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], + }, + }, + ], + "eventTopics": { + "activity": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], + }, + "passwordFields": [ + "password", ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "owner-view-update-delete-admins-and-members", - "path": "managed/alpha_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], + "watchedFields": [], }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, + "config": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], + }, + }, + }, + "exceptionFormatter": { + "file": "bin/defaults/script/audit/stacktraceFormatter.js", + "type": "text/javascript", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/authentication.idm.json 1`] = ` +{ + "idm": { + "authentication": { + "_id": "authentication", + "serverAuthContext": { + "authModules": [ + { + "enabled": true, + "name": "STATIC_USER", + "properties": { + "defaultUserRoles": [ + "internal/role/openidm-reg", + ], + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "fzE1J3P9LZOmuCuecCDnaQ==", + "iv": "nhI8UHymNRChGIyOC+5Sag==", + "keySize": 32, + "mac": "XfF7VE/o5Shv6AqW1Xe3TQ==", + "purpose": "idm.config.encryption", + "salt": "v0NHakffrjBJNL3zjhEOtg==", + "stableId": "openidm-sym-default", + }, + }, + }, + "queryOnResource": "internal/user", + "username": "anonymous", }, - { - "attribute": "roles", - "readOnly": false, + }, + { + "enabled": true, + "name": "STATIC_USER", + "properties": { + "defaultUserRoles": [ + "internal/role/openidm-authorized", + "internal/role/openidm-admin", + ], + "password": "&{openidm.admin.password}", + "queryOnResource": "internal/user", + "username": "openidm-admin", }, - { - "attribute": "groups", - "readOnly": false, + }, + { + "enabled": true, + "name": "MANAGED_USER", + "properties": { + "augmentSecurityContext": { + "source": "var augmentYield = require('auth/customAuthz').setProtectedAttributes(security);require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, 'privileges', 'privilegeAssignments', augmentYield);", + "type": "text/javascript", + }, + "defaultUserRoles": [ + "internal/role/openidm-authorized", + ], + "propertyMapping": { + "additionalUserFields": [ + "adminOfOrg", + "ownerOfOrg", + ], + "authenticationId": "username", + "userCredential": "password", + "userRoles": "authzRoles", + }, + "queryId": "credential-query", + "queryOnResource": "managed/user", }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", - "name": "owner-create-admins", - "path": "managed/alpha_user", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", - "name": "admin-view-update-delete-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/parent pr", - "name": "admin-create-orgs", - "path": "managed/alpha_organization", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "admin-view-update-delete-members", - "path": "managed/alpha_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", - "name": "admin-create-members", - "path": "managed/alpha_user", - "permissions": [ - "CREATE", - ], + }, + ], + "sessionModule": { + "name": "JWT_SESSION", + "properties": { + "enableDynamicRoles": false, + "isHttpOnly": true, + "maxTokenLifeMinutes": 120, + "sessionOnly": true, + "tokenIdleTimeMinutes": 30, + }, }, - ], + }, }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/audit.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/cluster.idm.json 1`] = ` { "idm": { - "audit": { - "_id": "audit", - "auditServiceConfig": { - "availableAuditEventHandlers": [ - "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", - "org.forgerock.audit.handlers.elasticsearch.ElasticsearchAuditEventHandler", - "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", - "org.forgerock.audit.handlers.json.JsonAuditEventHandler", - "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", - "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", - "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", - "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler", - "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", - ], - "caseInsensitiveFields": [ - "/access/http/request/headers", - "/access/http/response/headers", - ], - "filterPolicies": { - "value": { - "excludeIf": [ - "/access/http/request/cookies/&{com.iplanet.am.cookie.name}", - "/access/http/request/cookies/session-jwt", - "/access/http/request/headers/&{com.sun.identity.auth.cookieName}", - "/access/http/request/headers/&{com.iplanet.am.cookie.name}", - "/access/http/request/headers/accept-encoding", - "/access/http/request/headers/accept-language", - "/access/http/request/headers/Authorization", - "/access/http/request/headers/cache-control", - "/access/http/request/headers/connection", - "/access/http/request/headers/content-length", - "/access/http/request/headers/content-type", - "/access/http/request/headers/proxy-authorization", - "/access/http/request/headers/X-OpenAM-Password", - "/access/http/request/headers/X-OpenIDM-Password", - "/access/http/request/queryParameters/access_token", - "/access/http/request/queryParameters/IDToken1", - "/access/http/request/queryParameters/id_token_hint", - "/access/http/request/queryParameters/Login.Token1", - "/access/http/request/queryParameters/redirect_uri", - "/access/http/request/queryParameters/requester", - "/access/http/request/queryParameters/sessionUpgradeSSOTokenId", - "/access/http/request/queryParameters/tokenId", - "/access/http/response/headers/Authorization", - "/access/http/response/headers/Set-Cookie", - "/access/http/response/headers/X-OpenIDM-Password", - ], - "includeIf": [], - }, - }, - "handlerForQueries": "json", - }, - "eventHandlers": [ - { - "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", - "config": { - "name": "json", - "topics": [ - "access", - "activity", - "sync", - "authentication", - "config", - ], - }, - }, - { - "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", - "config": { - "enabled": false, - "name": "repo", - "topics": [ - "access", - "activity", - "sync", - "authentication", - "config", - ], - }, - }, - ], - "eventTopics": { - "activity": { - "filter": { - "actions": [ - "create", - "update", - "delete", - "patch", - "action", - ], - }, - "passwordFields": [ - "password", - ], - "watchedFields": [], - }, - "config": { - "filter": { - "actions": [ - "create", - "update", - "delete", - "patch", - "action", - ], - }, - }, - }, - "exceptionFormatter": { - "file": "bin/defaults/script/audit/stacktraceFormatter.js", - "type": "text/javascript", - }, + "cluster": { + "_id": "cluster", + "enabled": true, + "instanceCheckInInterval": 5000, + "instanceCheckInOffset": 0, + "instanceId": "&{openidm.node.id}", + "instanceRecoveryTimeout": 30000, + "instanceTimeout": 30000, }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/authentication.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/getavailableuserstoassign.idm.json 1`] = ` { "idm": { - "authentication": { - "_id": "authentication", - "rsFilter": { - "augmentSecurityContext": { - "source": "require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, security.authorization.component.includes('/alpha_') ? 'alphaOrgPrivileges' : 'bravoOrgPrivileges', 'privilegeAssignments');", - "type": "text/javascript", - }, - "cache": { - "maxTimeout": "300 seconds", - }, - "scopes": [ - "fr:idm:*", - ], - "staticUserMapping": [ - { - "localUser": "internal/user/idm-provisioning", - "roles": [ - "internal/role/openidm-admin", - ], - "subject": "autoid-resource-server", - }, - ], - "subjectMapping": [ - { - "additionalUserFields": [ - "adminOfOrg", - "ownerOfOrg", - ], - "defaultRoles": [ - "internal/role/openidm-authorized", - ], - "propertyMapping": { - "sub": "_id", - }, - "queryOnResource": "managed/{{substring realm 1}}_user", - "userRoles": "authzRoles/*", - }, - ], - }, + "endpoint/getavailableuserstoassign": { + "_id": "endpoint/getavailableuserstoassign", + "file": "workflow/getavailableuserstoassign.js", + "type": "text/javascript", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/bravoOrgPrivileges.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/getprocessesforuser.idm.json 1`] = ` { "idm": { - "bravoOrgPrivileges": { - "_id": "bravoOrgPrivileges", - "privileges": [ - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", - "name": "owner-view-update-delete-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], - }, + "endpoint/getprocessesforuser": { + "_id": "endpoint/getprocessesforuser", + "file": "workflow/getprocessesforuser.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/gettasksview.idm.json 1`] = ` +{ + "idm": { + "endpoint/gettasksview": { + "_id": "endpoint/gettasksview", + "file": "workflow/gettasksview.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/mappingDetails.idm.json 1`] = ` +{ + "idm": { + "endpoint/mappingDetails": { + "_id": "endpoint/mappingDetails", + "context": "endpoint/mappingDetails", + "file": "mappingDetails.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/oauthproxy.idm.json 1`] = ` +{ + "idm": { + "endpoint/oauthproxy": { + "_id": "endpoint/oauthproxy", + "context": "endpoint/oauthproxy", + "file": "oauthProxy.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/removeRepoPathFromRelationships.idm.json 1`] = ` +{ + "idm": { + "endpoint/removeRepoPathFromRelationships": { + "_id": "endpoint/removeRepoPathFromRelationships", + "file": "update/removeRepoPathFromRelationships.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/repairMetadata.idm.json 1`] = ` +{ + "idm": { + "endpoint/repairMetadata": { + "_id": "endpoint/repairMetadata", + "file": "meta/metadataScanner.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/updateInternalUserAndInternalRoleEntries.idm.json 1`] = ` +{ + "idm": { + "endpoint/updateInternalUserAndInternalRoleEntries": { + "_id": "endpoint/updateInternalUserAndInternalRoleEntries", + "file": "update/updateInternalUserAndInternalRoleEntries.js", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/endpoint/validateQueryFilter.idm.json 1`] = ` +{ + "idm": { + "endpoint/validateQueryFilter": { + "_id": "endpoint/validateQueryFilter", + "context": "util/validateQueryFilter", + "source": "try { org.forgerock.openidm.query.StringQueryFilters.parse(request.content._queryFilter).accept(new org.forgerock.util.query.MapFilterVisitor(), null); } catch (e) { throw { 'code' : 400, 'message' : e.message } };", + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/external.rest.idm.json 1`] = ` +{ + "idm": { + "external.rest": { + "_id": "external.rest", + "hostnameVerifier": "&{openidm.external.rest.hostnameVerifier}", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/internal.idm.json 1`] = ` +{ + "idm": { + "internal": { + "_id": "internal", + "objects": [ { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": false, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, + "name": "role", + "properties": { + "authzMembers": { + "items": { + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + }, }, - ], - "actions": [], - "filter": "/parent pr", - "name": "owner-create-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "CREATE", - ], + }, }, { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, + "name": "notification", + "properties": { + "target": { + "reversePropertyName": "_notifications", }, - ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "owner-view-update-delete-admins-and-members", - "path": "managed/bravo_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], + }, }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": false, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", - "name": "owner-create-admins", - "path": "managed/bravo_user", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", - "name": "admin-view-update-delete-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "VIEW", - "UPDATE", - "DELETE", - ], - }, - { - "accessFlags": [ - { - "attribute": "name", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "owners", - "readOnly": true, - }, - { - "attribute": "admins", - "readOnly": true, - }, - { - "attribute": "members", - "readOnly": false, - }, - { - "attribute": "parent", - "readOnly": false, - }, - { - "attribute": "children", - "readOnly": false, - }, - { - "attribute": "parentIDs", - "readOnly": true, - }, - { - "attribute": "adminIDs", - "readOnly": true, - }, - { - "attribute": "parentAdminIDs", - "readOnly": true, - }, - { - "attribute": "ownerIDs", - "readOnly": true, - }, - { - "attribute": "parentOwnerIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/parent pr", - "name": "admin-create-orgs", - "path": "managed/bravo_organization", - "permissions": [ - "CREATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", - "name": "admin-view-update-delete-members", - "path": "managed/bravo_user", - "permissions": [ - "VIEW", - "DELETE", - "UPDATE", - ], - }, - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "password", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": false, - }, - { - "attribute": "telephoneNumber", - "readOnly": false, - }, - { - "attribute": "postalAddress", - "readOnly": false, - }, - { - "attribute": "city", - "readOnly": false, - }, - { - "attribute": "postalCode", - "readOnly": false, - }, - { - "attribute": "country", - "readOnly": false, - }, - { - "attribute": "stateProvince", - "readOnly": false, - }, - { - "attribute": "roles", - "readOnly": false, - }, - { - "attribute": "groups", - "readOnly": false, - }, - { - "attribute": "manager", - "readOnly": false, - }, - { - "attribute": "authzRoles", - "readOnly": false, - }, - { - "attribute": "reports", - "readOnly": false, - }, - { - "attribute": "effectiveRoles", - "readOnly": false, - }, - { - "attribute": "effectiveAssignments", - "readOnly": false, - }, - { - "attribute": "effectiveGroups", - "readOnly": false, - }, - { - "attribute": "lastSync", - "readOnly": false, - }, - { - "attribute": "kbaInfo", - "readOnly": false, - }, - { - "attribute": "preferences", - "readOnly": false, - }, - { - "attribute": "consentedMappings", - "readOnly": false, - }, - { - "attribute": "memberOfOrg", - "readOnly": false, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", - "name": "admin-create-members", - "path": "managed/bravo_user", - "permissions": [ - "CREATE", - ], - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/Test.idm.json 1`] = ` -{ - "idm": { - "endpoint/Test": { - "_id": "endpoint/Test", - "description": "test", - "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", - "source": " (function () { - if (request.method === 'create') { - // POST - return {}; - } else if (request.method === 'read') { - // GET - return {}; - } else if (request.method === 'update') { - // PUT - return {}; - } else if (request.method === 'patch') { - return {}; - } else if (request.method === 'delete') { - return {}; - } - throw { code: 500, message: 'Unknown error' }; - }());", - "type": "text/javascript", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/testEndpoint2.idm.json 1`] = ` -{ - "idm": { - "endpoint/testEndpoint2": { - "_id": "endpoint/testEndpoint2", - "description": "", - "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", - "source": " (function () { - if (request.method === 'create') { - // POST - return {}; - } else if (request.method === 'read') { - // GET - return {}; - } else if (request.method === 'update') { - // PUT - return {}; - } else if (request.method === 'patch') { - return {}; - } else if (request.method === 'delete') { - return {}; - } - throw { code: 500, message: 'Unknown error' }; - }());", - "type": "text/javascript", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/entityId.idm.json 1`] = ` -{ - "idm": { - "entityId": { - "_id": "entityId", - "defaultLocale": "en", - "displayName": "Frodo Test Email Template Three", - "enabled": true, - "from": "", - "message": { - "en": "

You started a login or profile update that requires MFA.

Click to Proceed

", - }, - "mimeType": "text/html", - "subject": { - "en": "Multi-Factor Email for Identity Cloud login", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.email.idm.json 1`] = ` -{ - "idm": { - "external.email": { - "_id": "external.email", - "auth": { - "enable": true, - "password": "&{aic.customer.sasl.pass}", - "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", - }, - "connectiontimeout": 300000, - "debug": false, - "from": "&{email.sender.address}", - "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", - "port": 25, - "smtpProperties": [], - "ssl": { - "enable": false, - }, - "starttls": { - "enable": false, - }, - "threadPoolSize": 20, - "timeout": 300000, - "writetimeout": 300000, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.emailDefault.idm.json 1`] = ` -{ - "idm": { - "external.emailDefault": { - "_id": "external.emailDefault", - "auth": { - "enable": true, - "password": "&{aic.customer.sasl.pass}", - "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", - }, - "connectiontimeout": 300000, - "debug": false, - "from": "&{email.sender.address}", - "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", - "port": 25, - "smtpProperties": [], - "ssl": { - "enable": false, - }, - "starttls": { - "enable": false, - }, - "threadPoolSize": 20, - "timeout": 300000, - "writetimeout": 300000, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/alpha_user.idm.json 1`] = ` -{ - "idm": { - "fieldPolicy/alpha_user": { - "_id": "fieldPolicy/alpha_user", - "defaultPasswordStorageScheme": [ - { - "_id": "PBKDF2-HMAC-SHA256", - }, - ], - "passwordAttribute": "password", - "resourceCollection": "managed/alpha_user", - "type": "password-policy", - "validator": [ - { - "_id": "alpha_userPasswordPolicy-length-based-password-validator", - "enabled": true, - "maxPasswordLength": 0, - "minPasswordLength": 10, - "type": "length-based", - }, - { - "_id": "alpha_userPasswordPolicy-attribute-value-password-validator", - "checkSubstrings": true, - "enabled": true, - "matchAttribute": [ - "mail", - "userName", - "givenName", - "sn", - ], - "minSubstringLength": 5, - "testReversedPassword": true, - "type": "attribute-value", - }, - { - "_id": "alpha_userPasswordPolicy-character-set-password-validator", - "allowUnclassifiedCharacters": true, - "characterSet": [ - "0:abcdefghijklmnopqrstuvwxyz", - "0:ABCDEFGHIJKLMNOPQRSTUVWXYZ", - "0:0123456789", - "0:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", - ], - "enabled": true, - "minCharacterSets": 4, - "type": "character-set", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/bravo_user.idm.json 1`] = ` -{ - "idm": { - "fieldPolicy/bravo_user": { - "_id": "fieldPolicy/bravo_user", - "defaultPasswordStorageScheme": [ - { - "_id": "PBKDF2-HMAC-SHA256", - }, - ], - "passwordAttribute": "password", - "resourceCollection": "managed/bravo_user", - "type": "password-policy", - "validator": [ - { - "_id": "bravo_userPasswordPolicy-length-based-password-validator", - "enabled": true, - "maxPasswordLength": 0, - "minPasswordLength": 8, - "type": "length-based", - }, - { - "_id": "bravo_userPasswordPolicy-attribute-value-password-validator", - "checkSubstrings": true, - "enabled": true, - "matchAttribute": [ - "mail", - "userName", - "givenName", - "sn", - ], - "minSubstringLength": 5, - "testReversedPassword": true, - "type": "attribute-value", - }, - { - "_id": "bravo_userPasswordPolicy-character-set-password-validator", - "allowUnclassifiedCharacters": true, - "characterSet": [ - "1:abcdefghijklmnopqrstuvwxyz", - "1:ABCDEFGHIJKLMNOPQRSTUVWXYZ", - "1:0123456789", - "1:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", - ], - "enabled": true, - "type": "character-set", - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/internal.idm.json 1`] = ` -{ - "idm": { - "internal": { - "_id": "internal", - "objects": [ - { - "name": "role", - "properties": { - "authzMembers": { - "items": { - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - }, - }, - }, - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/managed.idm.json 1`] = ` -{ - "idm": { - "managed": { - "_id": "managed", - "objects": [ + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/managed.idm.json 1`] = ` +{ + "idm": { + "managed": { + "_id": "managed", + "objects": [ { "lastSync": { "effectiveAssignmentsProperty": "effectiveAssignments", @@ -254972,14 +252985,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "meta": { "property": "_meta", - "resourceCollection": "managed/alpha_usermeta", + "resourceCollection": "internal/usermeta", "trackedProperties": [ "createDate", "lastChanged", ], }, - "name": "alpha_user", - "notifications": {}, + "name": "user", + "notifications": { + "property": "_notifications", + }, + "postDelete": { + "source": "require('postDelete-idp-cleanup').removeConnectedIdpData(oldObject, resourceName, request);require('postDelete-notification-cleanup').removeConnectedNotificationData(oldObject, resourceName, request);", + "type": "text/javascript", + }, "schema": { "$schema": "http://json-schema.org/draft-03/schema", "icon": "fa-user", @@ -254990,10 +253009,8 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userName", "password", "givenName", - "cn", "sn", "mail", - "profileImage", "description", "accountStatus", "telephoneNumber", @@ -255004,15 +253021,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "stateProvince", "roles", "assignments", - "groups", - "applications", "manager", "authzRoles", "reports", "effectiveRoles", "effectiveAssignments", - "effectiveGroups", - "effectiveApplications", "lastSync", "kbaInfo", "preferences", @@ -255021,48 +253034,8 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "adminOfOrg", "memberOfOrg", "memberOfOrgIDs", - "ownerOfApp", - "frIndexedString1", - "frIndexedString2", - "frIndexedString3", - "frIndexedString4", - "frIndexedString5", - "frUnindexedString1", - "frUnindexedString2", - "frUnindexedString3", - "frUnindexedString4", - "frUnindexedString5", - "frIndexedMultivalued1", - "frIndexedMultivalued2", - "frIndexedMultivalued3", - "frIndexedMultivalued4", - "frIndexedMultivalued5", - "frUnindexedMultivalued1", - "frUnindexedMultivalued2", - "frUnindexedMultivalued3", - "frUnindexedMultivalued4", - "frUnindexedMultivalued5", - "frIndexedDate1", - "frIndexedDate2", - "frIndexedDate3", - "frIndexedDate4", - "frIndexedDate5", - "frUnindexedDate1", - "frUnindexedDate2", - "frUnindexedDate3", - "frUnindexedDate4", - "frUnindexedDate5", - "frIndexedInteger1", - "frIndexedInteger2", - "frIndexedInteger3", - "frIndexedInteger4", - "frIndexedInteger5", - "frUnindexedInteger1", - "frUnindexedInteger2", - "frUnindexedInteger3", - "frUnindexedInteger4", - "frUnindexedInteger5", - "assignedDashboard", + "activeDate", + "inactiveDate", ], "properties": { "_id": { @@ -255088,6 +253061,14 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "default": "active", "description": "Status", "isPersonal": false, + "policies": [ + { + "params": { + "regexp": "^(active|inactive)$", + }, + "policyId": "regexpMatches", + }, + ], "searchable": true, "title": "Status", "type": "string", @@ -255095,6 +253076,22 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": false, "viewable": true, }, + "activeDate": { + "description": "Active Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": false, + "title": "Active Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, "adminOfOrg": { "items": { "notifySelf": false, @@ -255117,7 +253114,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": true, - "path": "managed/alpha_organization", + "path": "managed/organization", "query": { "fields": [ "name", @@ -255140,100 +253137,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": false, "viewable": true, }, - "aliasList": { - "description": "List of identity aliases used primarily to record social IdP subjects for this user", - "isVirtual": false, - "items": { - "title": "User Alias Names Items", - "type": "string", - }, - "returnByDefault": false, - "searchable": false, - "title": "User Alias Names List", - "type": "array", - "userEditable": true, - "viewable": false, - }, - "applications": { - "description": "Applications", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", - "isPersonal": false, - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Groups Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Application", - "path": "managed/alpha_application", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [ - "name", - ], - }, - }, - ], - "reversePropertyName": "members", - "reverseRelationship": true, - "title": "Groups Items", - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "title": "Applications", - "type": "array", - "usageDescription": "", - "userEditable": false, - "viewable": false, - }, - "assignedDashboard": { - "description": "List of items to click on for this user", - "isVirtual": true, - "items": { - "title": "Assigned Dashboard Items", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "name", - ], - "referencedRelationshipFields": [ - [ - "roles", - "applications", - ], - [ - "applications", - ], - ], - }, - "searchable": false, - "title": "Assigned Dashboard", - "type": "array", - "userEditable": false, - "viewable": true, - }, "assignments": { "description": "Assignments", "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", @@ -255267,7 +253170,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "conditionalAssociationField": "condition", "label": "Assignment", - "path": "managed/alpha_assignment", + "path": "managed/assignment", "query": { "fields": [ "name", @@ -255341,60 +253244,65 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "city": { "description": "City", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "City", "type": "string", "usageDescription": "", "userEditable": true, "viewable": true, }, - "cn": { - "default": "{{givenName}} {{sn}}", - "description": "Common Name", - "isPersonal": true, - "scope": "private", - "searchable": false, - "title": "Common Name", - "type": "string", - "userEditable": false, - "viewable": false, - }, "consentedMappings": { "description": "Consented Mappings", "isPersonal": false, "isVirtual": false, "items": { - "items": { - "order": [ - "mapping", - "consentDate", - ], - "properties": { - "consentDate": { - "description": "Consent Date", - "searchable": true, - "title": "Consent Date", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "mapping": { - "description": "Mapping", - "searchable": true, - "title": "Mapping", - "type": "string", - "userEditable": true, - "viewable": true, - }, + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "format": "datetime", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, }, - "required": [ - "mapping", - "consentDate", - ], - "title": "Consented Mappings Item", - "type": "object", }, - "title": "Consented Mappings Items", - "type": "array", + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mapping", + "type": "object", }, "returnByDefault": false, "searchable": false, @@ -255407,6 +253315,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "country": { "description": "Country", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Country", "type": "string", "usageDescription": "", @@ -255416,6 +253338,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "description": { "description": "Description", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "searchable": true, "title": "Description", "type": "string", @@ -255423,52 +253359,25 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": true, "viewable": true, }, - "effectiveApplications": { - "description": "Effective Applications", + "effectiveAssignments": { + "description": "Effective Assignments", "isPersonal": false, "isVirtual": true, "items": { - "title": "Effective Assigned Application Items", + "title": "Effective Assignments Items", "type": "object", }, "queryConfig": { "referencedObjectFields": [ - "name", + "*", ], "referencedRelationshipFields": [ [ "roles", - "applications", + "assignments", ], [ - "applications", - ], - ], - }, - "returnByDefault": true, - "title": "Effective Applications", - "type": "array", - "viewable": false, - }, - "effectiveAssignments": { - "description": "Effective Assignments", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Assignments Items", - "type": "object", - }, - "queryConfig": { - "referencedObjectFields": [ - "*", - ], - "referencedRelationshipFields": [ - [ - "roles", - "assignments", - ], - [ - "assignments", + "assignments", ], ], }, @@ -255478,25 +253387,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "usageDescription": "", "viewable": false, }, - "effectiveGroups": { - "description": "Effective Groups", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Groups Items", - "type": "object", - }, - "queryConfig": { - "referencedRelationshipFields": [ - "groups", - ], - }, - "returnByDefault": true, - "title": "Effective Groups", - "type": "array", - "usageDescription": "", - "viewable": false, - }, "effectiveRoles": { "description": "Effective Roles", "isPersonal": false, @@ -255516,399 +253406,23 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "usageDescription": "", "viewable": false, }, - "frIndexedDate1": { - "description": "Generic Indexed Date 1", - "isPersonal": false, - "title": "Generic Indexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate2": { - "description": "Generic Indexed Date 2", - "isPersonal": false, - "title": "Generic Indexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate3": { - "description": "Generic Indexed Date 3", - "isPersonal": false, - "title": "Generic Indexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate4": { - "description": "Generic Indexed Date 4", - "isPersonal": false, - "title": "Generic Indexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate5": { - "description": "Generic Indexed Date 5", - "isPersonal": false, - "title": "Generic Indexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger1": { - "description": "Generic Indexed Integer 1", - "isPersonal": false, - "title": "Generic Indexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger2": { - "description": "Generic Indexed Integer 2", - "isPersonal": false, - "title": "Generic Indexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger3": { - "description": "Generic Indexed Integer 3", - "isPersonal": false, - "title": "Generic Indexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger4": { - "description": "Generic Indexed Integer 4", - "isPersonal": false, - "title": "Generic Indexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger5": { - "description": "Generic Indexed Integer 5", - "isPersonal": false, - "title": "Generic Indexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued1": { - "description": "Generic Indexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued2": { - "description": "Generic Indexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued3": { - "description": "Generic Indexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued4": { - "description": "Generic Indexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued5": { - "description": "Generic Indexed Multivalue 5", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 5", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString1": { - "description": "Generic Indexed String 1", - "isPersonal": false, - "title": "Generic Indexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString2": { - "description": "Generic Indexed String 2", - "isPersonal": false, - "title": "Generic Indexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString3": { - "description": "Generic Indexed String 3", - "isPersonal": false, - "title": "Generic Indexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString4": { - "description": "Generic Indexed String 4", - "isPersonal": false, - "title": "Generic Indexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString5": { - "description": "Generic Indexed String 5", - "isPersonal": false, - "title": "Generic Indexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate1": { - "description": "Generic Unindexed Date 1", - "isPersonal": false, - "title": "Generic Unindexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate2": { - "description": "Generic Unindexed Date 2", - "isPersonal": false, - "title": "Generic Unindexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate3": { - "description": "Generic Unindexed Date 3", - "isPersonal": false, - "title": "Generic Unindexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate4": { - "description": "Generic Unindexed Date 4", - "isPersonal": false, - "title": "Generic Unindexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate5": { - "description": "Generic Unindexed Date 5", - "isPersonal": false, - "title": "Generic Unindexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger1": { - "description": "Generic Unindexed Integer 1", - "isPersonal": false, - "title": "Generic Unindexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger2": { - "description": "Generic Unindexed Integer 2", - "isPersonal": false, - "title": "Generic Unindexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger3": { - "description": "Generic Unindexed Integer 3", - "isPersonal": false, - "title": "Generic Unindexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger4": { - "description": "Generic Unindexed Integer 4", - "isPersonal": false, - "title": "Generic Unindexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger5": { - "description": "Generic Unindexed Integer 5", - "isPersonal": false, - "title": "Generic Unindexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued1": { - "description": "Generic Unindexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued2": { - "description": "Generic Unindexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued3": { - "description": "Generic Unindexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued4": { - "description": "Generic Unindexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued5": { - "description": "Generic Unindexed Multivalue 5", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 5", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString1": { - "description": "Generic Unindexed String 1", - "isPersonal": false, - "title": "Generic Unindexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString2": { - "description": "Generic Unindexed String 2", - "isPersonal": false, - "title": "Generic Unindexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString3": { - "description": "Generic Unindexed String 3", - "isPersonal": false, - "title": "Generic Unindexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString4": { - "description": "Generic Unindexed String 4", - "isPersonal": false, - "title": "Generic Unindexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString5": { - "description": "Generic Unindexed String 5", - "isPersonal": false, - "title": "Generic Unindexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, "givenName": { "description": "First Name", "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "searchable": true, "title": "First Name", "type": "string", @@ -255916,58 +253430,18 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": true, "viewable": true, }, - "groups": { - "description": "Groups", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "inactiveDate": { + "description": "Inactive Date", + "format": "datetime", "isPersonal": false, - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Groups Items _refProperties", - "type": "object", - }, + "policies": [ + { + "policyId": "valid-datetime", }, - "resourceCollection": [ - { - "conditionalAssociationField": "condition", - "label": "Group", - "path": "managed/alpha_group", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "members", - "reverseRelationship": true, - "title": "Groups Items", - "type": "relationship", - "validate": true, - }, - "relationshipGrantTemporalConstraintsEnforced": false, - "returnByDefault": false, - "title": "Groups", - "type": "array", + ], + "searchable": false, + "title": "Inactive Date", + "type": "string", "usageDescription": "", "userEditable": false, "viewable": true, @@ -256023,6 +253497,11 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "timestamp": { "description": "Timestamp", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], "type": "string", }, }, @@ -256041,6 +253520,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "policyId": "valid-email-address-format", }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, ], "searchable": true, "title": "Email Address", @@ -256072,7 +253557,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "resourceCollection": [ { "label": "User", - "path": "managed/alpha_user", + "path": "managed/user", "query": { "fields": [ "userName", @@ -256115,7 +253600,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": false, - "path": "managed/alpha_organization", + "path": "managed/organization", "query": { "fields": [ "name", @@ -256161,49 +253646,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": false, "viewable": false, }, - "ownerOfApp": { - "items": { - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Application", - "path": "managed/alpha_application", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [ - "name", - ], - }, - }, - ], - "reversePropertyName": "owners", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Applications I Own", - "type": "array", - "userEditable": false, - "viewable": true, - }, "ownerOfOrg": { "items": { "notifySelf": false, @@ -256226,7 +253668,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": true, - "path": "managed/alpha_organization", + "path": "managed/organization", "query": { "fields": [ "name", @@ -256251,8 +253693,41 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "password": { "description": "Password", + "encryption": { + "purpose": "idm.password.encryption", + }, "isPersonal": false, "isProtected": true, + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", + }, + { + "params": { + "numCaps": 1, + }, + "policyId": "at-least-X-capitals", + }, + { + "params": { + "numNums": 1, + }, + "policyId": "at-least-X-numbers", + }, + { + "params": { + "disallowedFields": [ + "userName", + "givenName", + "sn", + ], + }, + "policyId": "cannot-contain-others", + }, + ], "scope": "private", "searchable": false, "title": "Password", @@ -256264,6 +253739,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "postalAddress": { "description": "Address 1", "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Address 1", "type": "string", "usageDescription": "", @@ -256273,6 +253762,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "postalCode": { "description": "Postal Code", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Postal Code", "type": "string", "usageDescription": "", @@ -256304,16 +253807,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userEditable": true, "viewable": true, }, - "profileImage": { - "description": "Profile Image", - "isPersonal": true, - "searchable": true, - "title": "Profile Image", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": false, - }, "reports": { "description": "Direct Reports", "isPersonal": false, @@ -256339,7 +253832,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "resourceCollection": [ { "label": "User", - "path": "managed/alpha_user", + "path": "managed/user", "query": { "fields": [ "userName", @@ -256396,7 +253889,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "conditionalAssociationField": "condition", "label": "Role", - "path": "managed/alpha_role", + "path": "managed/role", "query": { "fields": [ "name", @@ -256422,6 +253915,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "sn": { "description": "Last Name", "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "searchable": true, "title": "Last Name", "type": "string", @@ -256432,6 +253939,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "stateProvince": { "description": "State/Province", "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "State/Province", "type": "string", "usageDescription": "", @@ -256442,6 +253963,20 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "description": "Telephone Number", "isPersonal": true, "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], "title": "Telephone Number", "type": "string", "usageDescription": "", @@ -256451,7 +253986,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "userName": { "description": "Username", "isPersonal": true, - "minLength": 1, "policies": [ { "policyId": "valid-username", @@ -256491,206 +254025,40 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "sn", "mail", ], - "title": "Alpha realm - User", + "title": "User", "type": "object", "viewable": true, }, }, { - "lastSync": { - "effectiveAssignmentsProperty": "effectiveAssignments", - "lastSyncProperty": "lastSync", - }, - "meta": { - "property": "_meta", - "resourceCollection": "managed/bravo_usermeta", - "trackedProperties": [ - "createDate", - "lastChanged", - ], - }, - "name": "bravo_user", - "notifications": {}, + "name": "role", "schema": { - "$schema": "http://json-schema.org/draft-03/schema", - "icon": "fa-user", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", - "mat-icon": "people", + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", "order": [ "_id", - "userName", - "password", - "givenName", - "cn", - "sn", - "mail", - "profileImage", + "name", "description", - "accountStatus", - "telephoneNumber", - "postalAddress", - "city", - "postalCode", - "country", - "stateProvince", - "roles", + "members", "assignments", - "groups", - "applications", - "manager", - "authzRoles", - "reports", - "effectiveRoles", - "effectiveAssignments", - "effectiveGroups", - "effectiveApplications", - "lastSync", - "kbaInfo", - "preferences", - "consentedMappings", - "ownerOfOrg", - "adminOfOrg", - "memberOfOrg", - "memberOfOrgIDs", - "ownerOfApp", - "frIndexedString1", - "frIndexedString2", - "frIndexedString3", - "frIndexedString4", - "frIndexedString5", - "frUnindexedString1", - "frUnindexedString2", - "frUnindexedString3", - "frUnindexedString4", - "frUnindexedString5", - "frIndexedMultivalued1", - "frIndexedMultivalued2", - "frIndexedMultivalued3", - "frIndexedMultivalued4", - "frIndexedMultivalued5", - "frUnindexedMultivalued1", - "frUnindexedMultivalued2", - "frUnindexedMultivalued3", - "frUnindexedMultivalued4", - "frUnindexedMultivalued5", - "frIndexedDate1", - "frIndexedDate2", - "frIndexedDate3", - "frIndexedDate4", - "frIndexedDate5", - "frUnindexedDate1", - "frUnindexedDate2", - "frUnindexedDate3", - "frUnindexedDate4", - "frUnindexedDate5", - "frIndexedInteger1", - "frIndexedInteger2", - "frIndexedInteger3", - "frIndexedInteger4", - "frIndexedInteger5", - "frUnindexedInteger1", - "frUnindexedInteger2", - "frUnindexedInteger3", - "frUnindexedInteger4", - "frUnindexedInteger5", - "assignedDashboard", + "condition", + "temporalConstraints", ], "properties": { "_id": { - "description": "User ID", - "isPersonal": false, - "policies": [ - { - "params": { - "forbiddenChars": [ - "/", - ], - }, - "policyId": "cannot-contain-characters", - }, - ], + "description": "Role ID", "searchable": false, + "title": "Name", "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": false, - }, - "accountStatus": { - "default": "active", - "description": "Status", - "isPersonal": false, - "searchable": true, - "title": "Status", - "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": true, - }, - "adminOfOrg": { - "items": { - "notifySelf": false, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": true, - "path": "managed/bravo_organization", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "admins", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Organizations I Administer", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "aliasList": { - "description": "List of identity aliases used primarily to record social IdP subjects for this user", - "isVirtual": false, - "items": { - "title": "User Alias Names Items", - "type": "string", - }, - "returnByDefault": false, - "searchable": false, - "title": "User Alias Names List", - "type": "array", - "userEditable": true, "viewable": false, }, - "applications": { - "description": "Applications", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", - "isPersonal": false, + "assignments": { + "description": "Managed Assignments", "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", "notifySelf": true, "properties": { "_ref": { @@ -256705,73 +254073,55 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "type": "string", }, }, - "title": "Groups Items _refProperties", + "title": "Managed Assignments Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "label": "Application", - "path": "managed/bravo_application", + "label": "Assignment", + "path": "managed/assignment", "query": { "fields": [ "name", ], "queryFilter": "true", - "sortKeys": [ - "name", - ], }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "roles", "reverseRelationship": true, - "title": "Groups Items", + "title": "Managed Assignments Items", "type": "relationship", "validate": true, }, + "notifyRelationships": [ + "members", + ], "returnByDefault": false, - "title": "Applications", + "title": "Managed Assignments", "type": "array", - "usageDescription": "", - "userEditable": false, - "viewable": false, + "viewable": true, }, - "assignedDashboard": { - "description": "List of items to click on for this user", - "isVirtual": true, - "items": { - "title": "Assigned Dashboard Items", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "name", - ], - "referencedRelationshipFields": [ - [ - "roles", - "applications", - ], - [ - "applications", - ], - ], - }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, "searchable": false, - "title": "Assigned Dashboard", - "type": "array", - "userEditable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", "viewable": true, }, - "assignments": { - "description": "Assignments", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", - "isPersonal": false, + "members": { + "description": "Role Members", "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", - "notifySelf": true, + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", "properties": { "_ref": { "description": "References a relationship from a managed object", @@ -256790,670 +254140,194 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "type": "string", }, }, - "title": "Provisioning Roles Items _refProperties", + "title": "Role Members Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "conditionalAssociationField": "condition", - "label": "Assignment", - "path": "managed/bravo_assignment", + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "roles", "reverseRelationship": true, - "title": "Assignments Items", + "title": "Role Members Items", "type": "relationship", "validate": true, }, + "relationshipGrantTemporalConstraintsEnforced": true, "returnByDefault": false, - "title": "Assignments", + "title": "Role Members", "type": "array", - "usageDescription": "", - "userEditable": false, "viewable": true, }, - "authzRoles": { - "description": "Authorization Roles", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", - "isPersonal": false, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "order": [ + "duration", + ], "properties": { - "_ref": { - "description": "References a relationship from a managed object", + "duration": { + "description": "Duration", "type": "string", }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Authorization Roles Items _refProperties", - "type": "object", - }, }, - "resourceCollection": [ - { - "conditionalAssociationField": "condition", - "label": "Internal Role", - "path": "internal/role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, + "required": [ + "duration", ], - "reversePropertyName": "authzMembers", - "reverseRelationship": true, - "title": "Authorization Roles Items", - "type": "relationship", - "validate": true, + "title": "Temporal Constraints Items", + "type": "object", }, - "returnByDefault": false, - "title": "Authorization Roles", + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", "type": "array", - "usageDescription": "", - "userEditable": false, - "viewable": true, + "viewable": false, }, - "city": { - "description": "City", - "isPersonal": false, - "title": "City", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "cn": { - "default": "{{givenName}} {{sn}}", - "description": "Common Name", - "isPersonal": true, - "scope": "private", + }, + "required": [ + "name", + ], + "title": "Role", + "type": "object", + }, + }, + { + "attributeEncryption": {}, + "name": "assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", "searchable": false, - "title": "Common Name", + "title": "Name", "type": "string", - "userEditable": false, "viewable": false, }, - "consentedMappings": { - "description": "Consented Mappings", - "isPersonal": false, - "isVirtual": false, + "attributes": { + "description": "The attributes operated on by this assignment.", "items": { - "items": { - "order": [ - "mapping", - "consentDate", - ], - "properties": { - "consentDate": { - "description": "Consent Date", - "searchable": true, - "title": "Consent Date", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "mapping": { - "description": "Mapping", - "searchable": true, - "title": "Mapping", - "type": "string", - "userEditable": true, - "viewable": true, - }, + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", }, - "required": [ - "mapping", - "consentDate", - ], - "title": "Consented Mappings Item", - "type": "object", }, - "title": "Consented Mappings Items", - "type": "array", + "required": [], + "title": "Assignment Attributes Items", + "type": "object", }, - "returnByDefault": false, - "searchable": false, - "title": "Consented Mappings", + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": false, + "viewable": true, }, - "country": { - "description": "Country", - "isPersonal": false, - "title": "Country", + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, + "viewable": false, }, "description": { - "description": "Description", - "isPersonal": false, + "description": "The assignment description, used for display purposes.", "searchable": true, "title": "Description", "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "effectiveApplications": { - "description": "Effective Applications", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Assigned Application Items", - "type": "object", - }, - "queryConfig": { - "referencedObjectFields": [ - "name", - ], - "referencedRelationshipFields": [ - [ - "roles", - "applications", - ], - [ - "applications", - ], - ], - }, - "returnByDefault": true, - "title": "Effective Applications", - "type": "array", - "viewable": false, - }, - "effectiveAssignments": { - "description": "Effective Assignments", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Assignments Items", - "type": "object", - }, - "queryConfig": { - "referencedObjectFields": [ - "*", - ], - "referencedRelationshipFields": [ - [ - "roles", - "assignments", - ], - [ - "assignments", - ], - ], - }, - "returnByDefault": true, - "title": "Effective Assignments", - "type": "array", - "usageDescription": "", - "viewable": false, - }, - "effectiveGroups": { - "description": "Effective Groups", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Groups Items", - "type": "object", - }, - "queryConfig": { - "referencedRelationshipFields": [ - "groups", - ], - }, - "returnByDefault": true, - "title": "Effective Groups", - "type": "array", - "usageDescription": "", - "viewable": false, - }, - "effectiveRoles": { - "description": "Effective Roles", - "isPersonal": false, - "isVirtual": true, - "items": { - "title": "Effective Roles Items", - "type": "object", - }, - "queryConfig": { - "referencedRelationshipFields": [ - "roles", - ], - }, - "returnByDefault": true, - "title": "Effective Roles", - "type": "array", - "usageDescription": "", - "viewable": false, - }, - "frIndexedDate1": { - "description": "Generic Indexed Date 1", - "isPersonal": false, - "title": "Generic Indexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate2": { - "description": "Generic Indexed Date 2", - "isPersonal": false, - "title": "Generic Indexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate3": { - "description": "Generic Indexed Date 3", - "isPersonal": false, - "title": "Generic Indexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate4": { - "description": "Generic Indexed Date 4", - "isPersonal": false, - "title": "Generic Indexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedDate5": { - "description": "Generic Indexed Date 5", - "isPersonal": false, - "title": "Generic Indexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger1": { - "description": "Generic Indexed Integer 1", - "isPersonal": false, - "title": "Generic Indexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger2": { - "description": "Generic Indexed Integer 2", - "isPersonal": false, - "title": "Generic Indexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger3": { - "description": "Generic Indexed Integer 3", - "isPersonal": false, - "title": "Generic Indexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger4": { - "description": "Generic Indexed Integer 4", - "isPersonal": false, - "title": "Generic Indexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedInteger5": { - "description": "Generic Indexed Integer 5", - "isPersonal": false, - "title": "Generic Indexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued1": { - "description": "Generic Indexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued2": { - "description": "Generic Indexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued3": { - "description": "Generic Indexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued4": { - "description": "Generic Indexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedMultivalued5": { - "description": "Generic Indexed Multivalue 5", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Indexed Multivalue 5", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString1": { - "description": "Generic Indexed String 1", - "isPersonal": false, - "title": "Generic Indexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString2": { - "description": "Generic Indexed String 2", - "isPersonal": false, - "title": "Generic Indexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString3": { - "description": "Generic Indexed String 3", - "isPersonal": false, - "title": "Generic Indexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString4": { - "description": "Generic Indexed String 4", - "isPersonal": false, - "title": "Generic Indexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frIndexedString5": { - "description": "Generic Indexed String 5", - "isPersonal": false, - "title": "Generic Indexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate1": { - "description": "Generic Unindexed Date 1", - "isPersonal": false, - "title": "Generic Unindexed Date 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate2": { - "description": "Generic Unindexed Date 2", - "isPersonal": false, - "title": "Generic Unindexed Date 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate3": { - "description": "Generic Unindexed Date 3", - "isPersonal": false, - "title": "Generic Unindexed Date 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate4": { - "description": "Generic Unindexed Date 4", - "isPersonal": false, - "title": "Generic Unindexed Date 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedDate5": { - "description": "Generic Unindexed Date 5", - "isPersonal": false, - "title": "Generic Unindexed Date 5", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger1": { - "description": "Generic Unindexed Integer 1", - "isPersonal": false, - "title": "Generic Unindexed Integer 1", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger2": { - "description": "Generic Unindexed Integer 2", - "isPersonal": false, - "title": "Generic Unindexed Integer 2", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger3": { - "description": "Generic Unindexed Integer 3", - "isPersonal": false, - "title": "Generic Unindexed Integer 3", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger4": { - "description": "Generic Unindexed Integer 4", - "isPersonal": false, - "title": "Generic Unindexed Integer 4", - "type": "number", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedInteger5": { - "description": "Generic Unindexed Integer 5", - "isPersonal": false, - "title": "Generic Unindexed Integer 5", - "type": "number", - "usageDescription": "", - "userEditable": true, "viewable": true, }, - "frUnindexedMultivalued1": { - "description": "Generic Unindexed Multivalue 1", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 1", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued2": { - "description": "Generic Unindexed Multivalue 2", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 2", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued3": { - "description": "Generic Unindexed Multivalue 3", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 3", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued4": { - "description": "Generic Unindexed Multivalue 4", - "isPersonal": false, - "items": { - "type": "string", - }, - "title": "Generic Unindexed Multivalue 4", - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedMultivalued5": { - "description": "Generic Unindexed Multivalue 5", - "isPersonal": false, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", "items": { + "title": "Link Qualifiers Items", "type": "string", }, - "title": "Generic Unindexed Multivalue 5", + "title": "Link Qualifiers", "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString1": { - "description": "Generic Unindexed String 1", - "isPersonal": false, - "title": "Generic Unindexed String 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString2": { - "description": "Generic Unindexed String 2", - "isPersonal": false, - "title": "Generic Unindexed String 2", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString3": { - "description": "Generic Unindexed String 3", - "isPersonal": false, - "title": "Generic Unindexed String 3", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString4": { - "description": "Generic Unindexed String 4", - "isPersonal": false, - "title": "Generic Unindexed String 4", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "frUnindexedString5": { - "description": "Generic Unindexed String 5", - "isPersonal": false, - "title": "Generic Unindexed String 5", - "type": "string", - "usageDescription": "", - "userEditable": true, "viewable": true, }, - "givenName": { - "description": "First Name", - "isPersonal": true, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], "searchable": true, - "title": "First Name", + "title": "Mapping", "type": "string", - "usageDescription": "", - "userEditable": true, "viewable": true, }, - "groups": { - "description": "Groups", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", - "isPersonal": false, + "members": { + "description": "Assignment Members", "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", - "notifySelf": true, + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", "properties": { "_ref": { "description": "References a relationship from a managed object", @@ -257472,228 +254346,161 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "type": "string", }, }, - "title": "Groups Items _refProperties", + "title": "Assignment Members Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "conditionalAssociationField": "condition", - "label": "Group", - "path": "managed/bravo_group", + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "assignments", "reverseRelationship": true, - "title": "Groups Items", + "title": "Assignment Members Items", "type": "relationship", "validate": true, }, - "relationshipGrantTemporalConstraintsEnforced": false, "returnByDefault": false, - "title": "Groups", + "title": "Assignment Members", "type": "array", - "usageDescription": "", - "userEditable": false, "viewable": true, }, - "kbaInfo": { - "description": "KBA Info", - "isPersonal": true, - "items": { - "order": [ - "answer", - "customQuestion", - "questionId", - ], - "properties": { - "answer": { - "description": "Answer", - "type": "string", - }, - "customQuestion": { - "description": "Custom question", - "type": "string", - }, - "questionId": { - "description": "Question ID", - "type": "string", - }, - }, - "required": [], - "title": "KBA Info Items", - "type": "object", - }, - "type": "array", - "usageDescription": "", - "userEditable": true, - "viewable": false, - }, - "lastSync": { - "description": "Last Sync timestamp", - "isPersonal": false, - "order": [ - "effectiveAssignments", - "timestamp", - ], - "properties": { - "effectiveAssignments": { - "description": "Effective Assignments", - "items": { - "title": "Effective Assignments Items", - "type": "object", - }, - "title": "Effective Assignments", - "type": "array", - }, - "timestamp": { - "description": "Timestamp", - "type": "string", - }, - }, - "required": [], - "scope": "private", - "searchable": false, - "title": "Last Sync timestamp", - "type": "object", - "usageDescription": "", - "viewable": false, - }, - "mail": { - "description": "Email Address", - "isPersonal": true, - "policies": [ - { - "policyId": "valid-email-address-format", - }, - ], + "name": { + "description": "The assignment name, used for display purposes.", "searchable": true, - "title": "Email Address", + "title": "Name", "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "manager": { - "description": "Manager", - "isPersonal": false, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Manager _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "reports", - "reverseRelationship": true, - "searchable": false, - "title": "Manager", - "type": "relationship", - "usageDescription": "", - "userEditable": false, - "validate": true, "viewable": true, }, - "memberOfOrg": { + "roles": { + "description": "Managed Roles", "items": { - "notifySelf": true, + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", "properties": { "_ref": { + "description": "References a relationship from a managed object", "type": "string", }, "_refProperties": { + "description": "Supports metadata within the relationship", "properties": { "_id": { - "propName": "_id", - "required": false, + "description": "_refProperties object ID", "type": "string", }, }, + "title": "Managed Roles Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "label": "Organization", - "notify": false, - "path": "managed/bravo_organization", + "label": "Role", + "notify": true, + "path": "managed/role", "query": { "fields": [ "name", ], "queryFilter": "true", - "sortKeys": [], }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "assignments", "reverseRelationship": true, + "title": "Managed Roles Items", "type": "relationship", "validate": true, }, - "policies": [], "returnByDefault": false, - "searchable": false, - "title": "Organizations to which I Belong", + "title": "Managed Roles", "type": "array", "userEditable": false, "viewable": true, }, - "memberOfOrgIDs": { + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Assignment", + "type": "object", + }, + }, + { + "name": "organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { "isVirtual": true, "items": { - "title": "org identifiers", + "title": "admin ids", "type": "string", }, "queryConfig": { "flattenProperties": true, "referencedObjectFields": [ "_id", - "parentIDs", ], "referencedRelationshipFields": [ - "memberOfOrg", + "admins", ], }, "returnByDefault": true, "searchable": false, - "title": "MemberOfOrgIDs", + "title": "Admin user ids", "type": "array", "userEditable": false, "viewable": false, }, - "ownerOfApp": { + "admins": { "items": { + "notifySelf": true, "properties": { "_ref": { "type": "string", @@ -257701,7 +254508,8 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "_refProperties": { "properties": { "_id": { - "description": "_refProperties object ID", + "propName": "_id", + "required": false, "type": "string", }, }, @@ -257710,34 +254518,39 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "resourceCollection": [ { - "label": "Application", - "path": "managed/bravo_application", + "label": "User", + "notify": false, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", - "sortKeys": [ - "name", - ], + "sortKeys": [], }, }, ], - "reversePropertyName": "owners", + "reversePropertyName": "adminOfOrg", "reverseRelationship": true, "type": "relationship", "validate": true, }, + "notifyRelationships": [ + "children", + ], "returnByDefault": false, "searchable": false, - "title": "Applications I Own", + "title": "Administrators", "type": "array", "userEditable": false, "viewable": true, }, - "ownerOfOrg": { + "children": { + "description": "Child Organizations", "items": { - "notifySelf": false, + "notifySelf": true, "properties": { "_ref": { "type": "string", @@ -257757,17 +254570,18 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou { "label": "Organization", "notify": true, - "path": "managed/bravo_organization", + "path": "managed/organization", "query": { "fields": [ "name", + "description", ], "queryFilter": "true", "sortKeys": [], }, }, ], - "reversePropertyName": "owners", + "reversePropertyName": "parent", "reverseRelationship": true, "type": "relationship", "validate": true, @@ -257775,102 +254589,41 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "policies": [], "returnByDefault": false, "searchable": false, - "title": "Organizations I Own", + "title": "Child Organizations", "type": "array", "userEditable": false, - "viewable": true, - }, - "password": { - "description": "Password", - "isPersonal": false, - "isProtected": true, - "scope": "private", - "searchable": false, - "title": "Password", - "type": "string", - "usageDescription": "", - "userEditable": true, "viewable": false, }, - "postalAddress": { - "description": "Address 1", - "isPersonal": true, - "title": "Address 1", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "postalCode": { - "description": "Postal Code", - "isPersonal": false, - "title": "Postal Code", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "preferences": { - "description": "Preferences", - "isPersonal": false, - "order": [ - "updates", - "marketing", - ], - "properties": { - "marketing": { - "description": "Send me special offers and services", - "type": "boolean", - }, - "updates": { - "description": "Send me news and updates", - "type": "boolean", - }, - }, - "required": [], - "searchable": false, - "title": "Preferences", - "type": "object", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "profileImage": { - "description": "Profile Image", - "isPersonal": true, + "description": { "searchable": true, - "title": "Profile Image", + "title": "Description", "type": "string", - "usageDescription": "", "userEditable": true, - "viewable": false, + "viewable": true, }, - "reports": { - "description": "Direct Reports", - "isPersonal": false, + "members": { "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "notifySelf": false, "properties": { "_ref": { - "description": "References a relationship from a managed object", "type": "string", }, "_refProperties": { - "description": "Supports metadata within the relationship", "properties": { "_id": { - "description": "_refProperties object ID", + "propName": "_id", + "required": false, "type": "string", }, }, - "title": "Direct Reports Items _refProperties", "type": "object", }, }, "resourceCollection": [ { "label": "User", - "path": "managed/bravo_user", + "notify": true, + "path": "managed/user", "query": { "fields": [ "userName", @@ -257878,2787 +254631,631 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "sn", ], "queryFilter": "true", + "sortKeys": [], }, }, ], - "reversePropertyName": "manager", + "reversePropertyName": "memberOfOrg", "reverseRelationship": true, - "title": "Direct Reports Items", "type": "relationship", "validate": true, }, "returnByDefault": false, - "title": "Direct Reports", + "searchable": false, + "title": "Members", "type": "array", - "usageDescription": "", "userEditable": false, "viewable": true, }, - "roles": { - "description": "Provisioning Roles", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", - "isPersonal": false, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "owners": { "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", "notifySelf": true, "properties": { "_ref": { - "description": "References a relationship from a managed object", "type": "string", }, "_refProperties": { - "description": "Supports metadata within the relationship", "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, "_id": { - "description": "_refProperties object ID", + "propName": "_id", + "required": false, "type": "string", }, }, - "title": "Provisioning Roles Items _refProperties", "type": "object", }, }, "resourceCollection": [ { - "conditionalAssociationField": "condition", - "label": "Role", - "path": "managed/bravo_role", + "label": "User", + "notify": false, + "path": "managed/user", "query": { "fields": [ - "name", + "userName", + "givenName", + "sn", ], "queryFilter": "true", + "sortKeys": [], }, }, ], - "reversePropertyName": "members", + "reversePropertyName": "ownerOfOrg", "reverseRelationship": true, - "title": "Provisioning Roles Items", "type": "relationship", "validate": true, }, - "relationshipGrantTemporalConstraintsEnforced": true, + "notifyRelationships": [ + "children", + ], "returnByDefault": false, - "title": "Provisioning Roles", + "searchable": false, + "title": "Owner", "type": "array", - "usageDescription": "", "userEditable": false, "viewable": true, }, - "sn": { - "description": "Last Name", - "isPersonal": true, - "searchable": true, - "title": "Last Name", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "stateProvince": { - "description": "State/Province", - "isPersonal": false, - "title": "State/Province", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "telephoneNumber": { - "description": "Telephone Number", - "isPersonal": true, - "pattern": "^\\+?([0-9\\- \\(\\)])*$", - "title": "Telephone Number", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - "userName": { - "description": "Username", - "isPersonal": true, - "minLength": 1, - "policies": [ - { - "policyId": "valid-username", - }, - { - "params": { - "forbiddenChars": [ - "/", - ], - }, - "policyId": "cannot-contain-characters", - }, - { - "params": { - "minLength": 1, - }, - "policyId": "minimum-length", - }, - { - "params": { - "maxLength": 255, - }, - "policyId": "maximum-length", - }, - ], - "searchable": true, - "title": "Username", - "type": "string", - "usageDescription": "", - "userEditable": true, - "viewable": true, - }, - }, - "required": [ - "userName", - "givenName", - "sn", - "mail", - ], - "title": "Bravo realm - User", - "type": "object", - "viewable": true, - }, - }, - { - "name": "alpha_role", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "", - "icon": "fa-check-square-o", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", - "mat-icon": "assignment_ind", - "order": [ - "_id", - "name", - "description", - "members", - "assignments", - "applications", - "condition", - "temporalConstraints", - ], - "properties": { - "_id": { - "description": "Role ID", - "searchable": false, - "title": "Name", - "type": "string", - "viewable": false, - }, - "applications": { - "description": "Role Applications", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Role Application Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Application", - "path": "managed/alpha_application", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Role Application Items", - "type": "relationship", - "validate": true, - }, + "parent": { + "description": "Parent Organization", "notifyRelationships": [ + "children", "members", ], - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Applications", - "type": "array", - "viewable": false, - }, - "assignments": { - "description": "Managed Assignments", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Managed Assignments Items _refProperties", - "type": "object", - }, + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", }, - "resourceCollection": [ - { - "label": "Assignment", - "path": "managed/alpha_assignment", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Managed Assignments Items", - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "members", - ], - "returnByDefault": false, - "title": "Managed Assignments", - "type": "array", - "viewable": true, - }, - "condition": { - "description": "A conditional filter for this role", - "isConditional": true, - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, - }, - "description": { - "description": "The role description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "members": { - "description": "Role Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", }, - "title": "Role Members Items _refProperties", - "type": "object", }, + "type": "object", }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Role Members Items", - "type": "relationship", - "validate": true, }, - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Role Members", - "type": "array", - "viewable": true, - }, - "name": { - "description": "The role name, used for display purposes.", - "policies": [ + "resourceCollection": [ { - "policyId": "unique", + "label": "Organization", + "notify": false, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, }, ], - "searchable": true, - "title": "Name", - "type": "string", + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, "viewable": true, }, - "temporalConstraints": { - "description": "An array of temporal constraints for a role", - "isTemporalConstraint": true, + "parentAdminIDs": { + "isVirtual": true, "items": { - "order": [ - "duration", + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", ], - "properties": { - "duration": { - "description": "Duration", - "type": "string", - }, - }, - "required": [ - "duration", + "referencedRelationshipFields": [ + "parent", ], - "title": "Temporal Constraints Items", - "type": "object", }, - "notifyRelationships": [ - "members", - ], "returnByDefault": true, - "title": "Temporal Constraints", - "type": "array", - "viewable": false, - }, - }, - "required": [ - "name", - ], - "title": "Alpha realm - Role", - "type": "object", - }, - }, - { - "name": "bravo_role", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "", - "icon": "fa-check-square-o", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", - "mat-icon": "assignment_ind", - "order": [ - "_id", - "name", - "description", - "members", - "assignments", - "applications", - "condition", - "temporalConstraints", - ], - "properties": { - "_id": { - "description": "Role ID", "searchable": false, - "title": "Name", - "type": "string", - "viewable": false, - }, - "applications": { - "description": "Role Applications", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Role Application Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Application", - "path": "managed/bravo_application", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Role Application Items", - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "members", - ], - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Applications", + "title": "user ids of parent admins", "type": "array", + "userEditable": false, "viewable": false, }, - "assignments": { - "description": "Managed Assignments", + "parentIDs": { + "isVirtual": true, "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", - "notifySelf": true, - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Managed Assignments Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Assignment", - "path": "managed/bravo_assignment", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Managed Assignments Items", - "type": "relationship", - "validate": true, }, - "notifyRelationships": [ - "members", - ], - "returnByDefault": false, - "title": "Managed Assignments", - "type": "array", - "viewable": true, - }, - "condition": { - "description": "A conditional filter for this role", - "isConditional": true, + "returnByDefault": true, "searchable": false, - "title": "Condition", - "type": "string", + "title": "parent org ids", + "type": "array", + "userEditable": false, "viewable": false, }, - "description": { - "description": "The role description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "members": { - "description": "Role Members", + "parentOwnerIDs": { + "isVirtual": true, "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Role Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "roles", - "reverseRelationship": true, - "title": "Role Members Items", - "type": "relationship", - "validate": true, + "title": "user ids of parent owners", + "type": "string", }, - "relationshipGrantTemporalConstraintsEnforced": true, - "returnByDefault": false, - "title": "Role Members", - "type": "array", - "viewable": true, - }, - "name": { - "description": "The role name, used for display purposes.", - "policies": [ - { - "policyId": "unique", - }, - ], - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, - }, - "temporalConstraints": { - "description": "An array of temporal constraints for a role", - "isTemporalConstraint": true, - "items": { - "order": [ - "duration", + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", ], - "properties": { - "duration": { - "description": "Duration", - "type": "string", - }, - }, - "required": [ - "duration", + "referencedRelationshipFields": [ + "parent", ], - "title": "Temporal Constraints Items", - "type": "object", }, - "notifyRelationships": [ - "members", - ], "returnByDefault": true, - "title": "Temporal Constraints", + "searchable": false, + "title": "user ids of parent owners", "type": "array", + "userEditable": false, "viewable": false, }, }, "required": [ "name", ], - "title": "Bravo realm - Role", + "title": "Organization", "type": "object", }, }, { - "attributeEncryption": {}, - "name": "alpha_assignment", + "name": "seantestmanagedobject", "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "A role assignment", - "icon": "fa-key", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", - "mat-icon": "vpn_key", - "order": [ - "_id", - "name", - "description", - "type", - "mapping", - "attributes", - "linkQualifiers", - "roles", - "members", - "condition", - "weight", - ], - "properties": { - "_id": { - "description": "The assignment ID", - "searchable": false, - "title": "Name", - "type": "string", - "viewable": false, - }, - "attributes": { - "description": "The attributes operated on by this assignment.", - "items": { - "order": [ - "assignmentOperation", - "unassignmentOperation", - "name", - "value", - ], - "properties": { - "assignmentOperation": { - "description": "Assignment operation", - "type": "string", - }, - "name": { - "description": "Name", - "type": "string", - }, - "unassignmentOperation": { - "description": "Unassignment operation", - "type": "string", - }, - "value": { - "description": "Value", - "type": "string", - }, + "description": null, + "icon": "fa-database", + "mat-icon": null, + "title": null, + }, + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/metrics.idm.json 1`] = ` +{ + "idm": { + "metrics": { + "_id": "metrics", + "enabled": false, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/notification/passwordUpdate.idm.json 1`] = ` +{ + "idm": { + "notification/passwordUpdate": { + "_id": "notification/passwordUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "password", + ], + }, + "type": "groovy", + }, + "enabled": { + "$bool": "&{openidm.notifications.passwordUpdate|false}", + }, + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your password has been updated.", + "notificationType": "info", + }, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/notification/profileUpdate.idm.json 1`] = ` +{ + "idm": { + "notification/profileUpdate": { + "_id": "notification/profileUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "userName", + "givenName", + "sn", + "mail", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "preferences", + ], + }, + "type": "groovy", + }, + "enabled": { + "$bool": "&{openidm.notifications.profileUpdate|false}", + }, + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your profile has been updated.", + "notificationType": "info", + }, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/notificationFactory.idm.json 1`] = ` +{ + "idm": { + "notificationFactory": { + "_id": "notificationFactory", + "enabled": { + "$bool": "&{openidm.notifications|false}", + }, + "threadPool": { + "maxPoolThreads": 2, + "maxQueueSize": 20000, + "steadyPoolThreads": 1, + "threadKeepAlive": 60, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/policy.idm.json 1`] = ` +{ + "idm": { + "policy": { + "_id": "policy", + "additionalFiles": [], + "file": "policy.js", + "resources": [ + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getRegistrationProperties()", + "type": "text/javascript", + }, + "resource": "selfservice/registration", + }, + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getResetProperties()", + "type": "text/javascript", + }, + "resource": "selfservice/reset", + }, + { + "properties": [ + { + "name": "_id", + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], }, - "required": [], - "title": "Assignment Attributes Items", - "type": "object", + "policyId": "cannot-contain-characters", }, - "notifyRelationships": [ - "roles", - "members", - ], - "title": "Assignment Attributes", - "type": "array", - "viewable": true, - }, - "condition": { - "description": "A conditional filter for this assignment", - "isConditional": true, - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, - }, - "description": { - "description": "The assignment description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "linkQualifiers": { - "description": "Conditional link qualifiers to restrict this assignment to.", - "items": { - "title": "Link Qualifiers Items", - "type": "string", + ], + }, + { + "name": "password", + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", }, - "title": "Link Qualifiers", - "type": "array", - "viewable": true, - }, - "mapping": { - "description": "The name of the mapping this assignment applies to", - "policies": [ - { - "policyId": "mapping-exists", + ], + }, + ], + "resource": "internal/user/*", + }, + { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], }, - ], - "searchable": true, - "title": "Mapping", - "type": "string", - "viewable": true, - }, - "members": { - "description": "Assignment Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Assignment Members Items _refProperties", - "type": "object", - }, + "policyId": "cannot-contain-characters", + }, + ], + }, + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", + }, + ], + }, + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + }, + { + "name": "privileges", + "policies": [ + { + "params": { + "types": [ + "array", + ], }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", + "policyId": "valid-type", + }, + { + "params": { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "string", + ], + }, + "policyId": "valid-type", + }, ], - "queryFilter": "true", }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Assignment Members Items", - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "title": "Assignment Members", - "type": "array", - "viewable": true, - }, - "name": { - "description": "The assignment name, used for display purposes.", - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, - }, - "roles": { - "description": "Managed Roles", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, + { + "name": "path", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "policyId": "valid-privilege-path", + }, + ], }, - "title": "Managed Roles Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/alpha_role", - "query": { - "fields": [ - "name", + { + "name": "accessFlags", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-accessFlags-object", + }, ], - "queryFilter": "true", }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Managed Roles Items", - "type": "relationship", - "validate": true, + { + "name": "actions", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + ], + }, + { + "name": "permissions", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-permissions", + }, + ], + }, + { + "name": "filter", + "policies": [ + { + "params": { + "types": [ + "string", + "null", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-query-filter", + }, + ], + }, + ], + }, + "policyId": "valid-array-items", }, - "returnByDefault": false, - "title": "Managed Roles", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "type": { - "description": "The type of object this assignment represents", - "title": "Type", - "type": "string", - "viewable": true, - }, - "weight": { - "description": "The weight of the assignment.", - "notifyRelationships": [ - "roles", - "members", - ], - "searchable": false, - "title": "Weight", - "type": [ - "number", - "null", - ], - "viewable": true, - }, + ], }, - "required": [ - "name", - "description", - "mapping", - ], - "title": "Alpha realm - Assignment", - "type": "object", - }, + ], + "resource": "internal/role/*", }, { - "attributeEncryption": {}, - "name": "bravo_assignment", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "A role assignment", - "icon": "fa-key", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", - "mat-icon": "vpn_key", - "order": [ - "_id", - "name", - "description", - "type", - "mapping", - "attributes", - "linkQualifiers", - "roles", - "members", - "condition", - "weight", - ], - "properties": { - "_id": { - "description": "The assignment ID", - "searchable": false, - "title": "Name", - "type": "string", - "viewable": false, - }, - "attributes": { - "description": "The attributes operated on by this assignment.", - "items": { - "order": [ - "assignmentOperation", - "unassignmentOperation", - "name", - "value", - ], - "properties": { - "assignmentOperation": { - "description": "Assignment operation", - "type": "string", - }, - "name": { - "description": "Name", - "type": "string", - }, - "unassignmentOperation": { - "description": "Unassignment operation", - "type": "string", - }, - "value": { - "description": "Value", - "type": "string", - }, - }, - "required": [], - "title": "Assignment Attributes Items", - "type": "object", - }, - "notifyRelationships": [ - "roles", - "members", - ], - "title": "Assignment Attributes", - "type": "array", - "viewable": true, - }, - "condition": { - "description": "A conditional filter for this assignment", - "isConditional": true, - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, - }, - "description": { - "description": "The assignment description, used for display purposes.", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "linkQualifiers": { - "description": "Conditional link qualifiers to restrict this assignment to.", - "items": { - "title": "Link Qualifiers Items", - "type": "string", - }, - "title": "Link Qualifiers", - "type": "array", - "viewable": true, - }, - "mapping": { - "description": "The name of the mapping this assignment applies to", - "policies": [ - { - "policyId": "mapping-exists", - }, - ], - "searchable": true, - "title": "Mapping", - "type": "string", - "viewable": true, - }, - "members": { - "description": "Assignment Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Assignment Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Assignment Members Items", - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "title": "Assignment Members", - "type": "array", - "viewable": true, - }, - "name": { - "description": "The assignment name, used for display purposes.", - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, - }, - "roles": { - "description": "Managed Roles", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Managed Roles Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/bravo_role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "assignments", - "reverseRelationship": true, - "title": "Managed Roles Items", - "type": "relationship", - "validate": true, + "properties": [ + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", }, - "returnByDefault": false, - "title": "Managed Roles", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "type": { - "description": "The type of object this assignment represents", - "title": "Type", - "type": "string", - "viewable": true, - }, - "weight": { - "description": "The weight of the assignment.", - "notifyRelationships": [ - "roles", - "members", - ], - "searchable": false, - "title": "Weight", - "type": [ - "number", - "null", - ], - "viewable": true, - }, + ], }, - "required": [ - "name", - "description", - "mapping", - ], - "title": "Bravo realm - Assignment", - "type": "object", - }, - }, - { - "name": "alpha_organization", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "An organization or tenant, whose resources are managed by organizational admins.", - "icon": "fa-building", - "mat-icon": "domain", - "order": [ - "name", - "description", - "owners", - "admins", - "members", - "parent", - "children", - "adminIDs", - "ownerIDs", - "parentAdminIDs", - "parentOwnerIDs", - "parentIDs", - ], - "properties": { - "adminIDs": { - "isVirtual": true, - "items": { - "title": "admin ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "admins", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Admin user ids", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "admins": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "adminOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Administrators", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "children": { - "description": "Child Organizations", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": true, - "path": "managed/alpha_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "parent", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Child Organizations", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "description": { - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "members": { - "items": { - "notifySelf": false, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "memberOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "name": { - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "ownerIDs": { - "isVirtual": true, - "items": { - "title": "owner ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "owners", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Owner user ids", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "owners": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "ownerOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Owner", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "parent": { - "description": "Parent Organization", - "notifyRelationships": [ - "children", - "members", - ], - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": false, - "path": "managed/alpha_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "returnByDefault": false, - "reversePropertyName": "children", - "reverseRelationship": true, - "searchable": false, - "title": "Parent Organization", - "type": "relationship", - "userEditable": false, - "validate": true, - "viewable": true, - }, - "parentAdminIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent admins", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "adminIDs", - "parentAdminIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent admins", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "parentIDs": { - "isVirtual": true, - "items": { - "title": "parent org ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - "parentIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "parent org ids", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "parentOwnerIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent owners", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "ownerIDs", - "parentOwnerIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent owners", - "type": "array", - "userEditable": false, - "viewable": false, - }, + ], }, - "required": [ - "name", - ], - "title": "Alpha realm - Organization", - "type": "object", - }, + ], + "resource": "managed/role/*", }, { - "name": "bravo_organization", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "An organization or tenant, whose resources are managed by organizational admins.", - "icon": "fa-building", - "mat-icon": "domain", - "order": [ - "name", - "description", - "owners", - "admins", - "members", - "parent", - "children", - "adminIDs", - "ownerIDs", - "parentAdminIDs", - "parentOwnerIDs", - "parentIDs", - ], - "properties": { - "adminIDs": { - "isVirtual": true, - "items": { - "title": "admin ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "admins", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Admin user ids", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "admins": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "adminOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Administrators", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "children": { - "description": "Child Organizations", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": true, - "path": "managed/bravo_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "parent", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Child Organizations", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "description": { - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "members": { - "items": { - "notifySelf": false, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "memberOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "name": { - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "ownerIDs": { - "isVirtual": true, - "items": { - "title": "owner ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - ], - "referencedRelationshipFields": [ - "owners", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "Owner user ids", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "owners": { - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": false, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "ownerOfOrg", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "notifyRelationships": [ - "children", - ], - "returnByDefault": false, - "searchable": false, - "title": "Owner", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "parent": { - "description": "Parent Organization", - "notifyRelationships": [ - "children", - "members", - ], - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Organization", - "notify": false, - "path": "managed/bravo_organization", - "query": { - "fields": [ - "name", - "description", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "returnByDefault": false, - "reversePropertyName": "children", - "reverseRelationship": true, - "searchable": false, - "title": "Parent Organization", - "type": "relationship", - "userEditable": false, - "validate": true, - "viewable": true, - }, - "parentAdminIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent admins", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "adminIDs", - "parentAdminIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent admins", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "parentIDs": { - "isVirtual": true, - "items": { - "title": "parent org ids", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "_id", - "parentIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], - }, - "returnByDefault": true, - "searchable": false, - "title": "parent org ids", - "type": "array", - "userEditable": false, - "viewable": false, - }, - "parentOwnerIDs": { - "isVirtual": true, - "items": { - "title": "user ids of parent owners", - "type": "string", - }, - "queryConfig": { - "flattenProperties": true, - "referencedObjectFields": [ - "ownerIDs", - "parentOwnerIDs", - ], - "referencedRelationshipFields": [ - "parent", - ], + "properties": [ + { + "name": "objects", + "policies": [ + { + "policyId": "valid-event-scripts", }, - "returnByDefault": true, - "searchable": false, - "title": "user ids of parent owners", - "type": "array", - "userEditable": false, - "viewable": false, - }, + ], }, - "required": [ - "name", - ], - "title": "Bravo realm - Organization", - "type": "object", - }, + ], + "resource": "config/managed", }, - { - "name": "alpha_group", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "icon": "fa-group", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", - "mat-icon": "group", - "order": [ - "_id", - "name", - "description", - "condition", - "members", - ], - "properties": { - "_id": { - "description": "Group ID", - "isPersonal": false, - "policies": [ - { - "params": { - "propertyName": "name", - }, - "policyId": "id-must-equal-property", - }, - ], - "searchable": false, - "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": false, - }, - "condition": { - "description": "A filter for conditionally assigned members", - "isConditional": true, - "policies": [ - { - "policyId": "valid-query-filter", - }, - ], - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, - }, - "description": { - "description": "Group Description", - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": false, - "viewable": true, - }, - "members": { - "description": "Group Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "groups", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "name": { - "description": "Group Name", - "policies": [ - { - "policyId": "required", - }, - { - "params": { - "forbiddenChars": [ - "/*", - ], - }, - "policyId": "cannot-contain-characters", - }, - ], - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, - }, - }, - "required": [ - "name", - ], - "title": "Alpha realm - Group", - "viewable": true, - }, - }, - { - "name": "bravo_group", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "icon": "fa-group", - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", - "mat-icon": "group", - "order": [ - "_id", - "name", - "description", - "condition", - "members", - ], - "properties": { - "_id": { - "description": "Group ID", - "isPersonal": false, - "policies": [ - { - "params": { - "propertyName": "name", - }, - "policyId": "id-must-equal-property", - }, - ], - "searchable": false, - "type": "string", - "usageDescription": "", - "userEditable": false, - "viewable": false, - }, - "condition": { - "description": "A filter for conditionally assigned members", - "isConditional": true, - "policies": [ - { - "policyId": "valid-query-filter", - }, - ], - "searchable": false, - "title": "Condition", - "type": "string", - "viewable": false, - }, - "description": { - "description": "Group Description", - "searchable": true, - "title": "Description", - "type": "string", - "userEditable": false, - "viewable": true, - }, - "members": { - "description": "Group Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "conditionalAssociation": true, - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "groups", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "name": { - "description": "Group Name", - "policies": [ - { - "policyId": "required", - }, - { - "params": { - "forbiddenChars": [ - "/*", - ], - }, - "policyId": "cannot-contain-characters", - }, - ], - "searchable": true, - "title": "Name", - "type": "string", - "viewable": true, - }, - }, - "required": [ - "name", - ], - "title": "Bravo realm - Group", - "viewable": true, - }, - }, - { - "name": "alpha_application", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "Application Object", - "icon": "fa-folder", - "order": [ - "name", - "description", - "url", - "icon", - "mappingNames", - "owners", - "roles", - "members", - ], - "properties": { - "_id": { - "description": "Application ID", - "isPersonal": false, - "searchable": false, - "type": "string", - "userEditable": false, - "viewable": false, - }, - "authoritative": { - "description": "Is this an authoritative application", - "searchable": false, - "title": "Authoritative", - "type": "boolean", - "viewable": false, - }, - "connectorId": { - "description": "Id of the connector associated with the application", - "searchable": false, - "title": "Connector ID", - "type": "string", - "userEditable": false, - "viewable": false, - }, - "description": { - "description": "Application Description", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "icon": { - "searchable": true, - "title": "Icon", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "mappingNames": { - "description": "Names of the sync mappings used by an application with provisioning configured.", - "items": { - "title": "Mapping Name Items", - "type": "string", - }, - "searchable": true, - "title": "Sync Mapping Names", - "type": "array", - "viewable": true, - }, - "members": { - "description": "Application Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "name": { - "description": "Application name", - "notifyRelationships": [ - "roles", - "members", - ], - "policies": [ - { - "policyId": "unique", - }, - ], - "returnByDefault": true, - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "owners": { - "description": "Application Owners", - "items": { - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Application _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "path": "managed/alpha_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "ownerOfApp", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Owners", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "roles": { - "description": "Roles granting users the application", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/alpha_role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Roles", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "ssoEntities": { - "description": "SSO Entity Id", - "properties": { - "idpLocation": { - "type": "string", - }, - "idpPrivateId": { - "type": "string", - }, - "spLocation": { - "type": "string", - }, - "spPrivate": { - "type": "string", - }, - }, - "searchable": false, - "title": "SSO Entity Id", - "type": "object", - "userEditable": false, - "viewable": false, - }, - "templateName": { - "description": "Name of the template the application was created from", - "searchable": false, - "title": "Template Name", - "type": "string", - "userEditable": false, - "viewable": false, - }, - "templateVersion": { - "description": "The template version", - "searchable": false, - "title": "Template Version", - "type": "string", - "userEditable": false, - "viewable": false, - }, - "uiConfig": { - "description": "UI Config", - "isPersonal": false, - "properties": {}, - "searchable": false, - "title": "UI Config", - "type": "object", - "usageDescription": "", - "viewable": false, - }, - "url": { - "searchable": true, - "title": "Url", - "type": "string", - "userEditable": true, - "viewable": true, - }, - }, - "required": [ - "name", - ], - "title": "Alpha realm - Application", - "type": "object", - }, - }, - { - "name": "bravo_application", - "schema": { - "$schema": "http://forgerock.org/json-schema#", - "description": "Application Object", - "icon": "fa-folder", - "order": [ - "name", - "description", - "url", - "icon", - "mappingNames", - "owners", - "roles", - "members", - ], - "properties": { - "_id": { - "description": "Application ID", - "isPersonal": false, - "searchable": false, - "type": "string", - "userEditable": false, - "viewable": false, - }, - "authoritative": { - "description": "Is this an authoritative application", - "searchable": false, - "title": "Authoritative", - "type": "boolean", - "viewable": false, - }, - "connectorId": { - "description": "Id of the connector associated with the application", - "searchable": false, - "title": "Connector ID", - "type": "string", - "userEditable": false, - "viewable": false, - }, - "description": { - "description": "Application Description", - "searchable": true, - "title": "Description", - "type": "string", - "viewable": true, - }, - "icon": { - "searchable": true, - "title": "Icon", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "mappingNames": { - "description": "Names of the sync mappings used by an application with provisioning configured.", - "items": { - "title": "Mapping Name Items", - "type": "string", - }, - "searchable": true, - "title": "Sync Mapping Names", - "type": "array", - "viewable": true, - }, - "members": { - "description": "Application Members", - "items": { - "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", - "properties": { - "_ref": { - "description": "References a relationship from a managed object", - "type": "string", - }, - "_refProperties": { - "description": "Supports metadata within the relationship", - "properties": { - "_grantType": { - "description": "Grant Type", - "label": "Grant Type", - "type": "string", - }, - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Group Members Items _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "notify": true, - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "title": "Group Members Items", - "type": "relationship", - "validate": true, - }, - "policies": [], - "returnByDefault": false, - "searchable": false, - "title": "Members", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "name": { - "description": "Application name", - "notifyRelationships": [ - "roles", - "members", - ], - "policies": [ - { - "policyId": "unique", - }, - ], - "returnByDefault": true, - "searchable": true, - "title": "Name", - "type": "string", - "userEditable": true, - "viewable": true, - }, - "owners": { - "description": "Application Owners", - "items": { - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "description": "_refProperties object ID", - "type": "string", - }, - }, - "title": "Application _refProperties", - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "User", - "path": "managed/bravo_user", - "query": { - "fields": [ - "userName", - "givenName", - "sn", - ], - "queryFilter": "true", - }, - }, - ], - "reversePropertyName": "ownerOfApp", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Owners", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "roles": { - "description": "Roles granting users the application", - "items": { - "notifySelf": true, - "properties": { - "_ref": { - "type": "string", - }, - "_refProperties": { - "properties": { - "_id": { - "propName": "_id", - "required": false, - "type": "string", - }, - }, - "type": "object", - }, - }, - "resourceCollection": [ - { - "label": "Role", - "notify": true, - "path": "managed/bravo_role", - "query": { - "fields": [ - "name", - ], - "queryFilter": "true", - "sortKeys": [], - }, - }, - ], - "reversePropertyName": "applications", - "reverseRelationship": true, - "type": "relationship", - "validate": true, - }, - "returnByDefault": false, - "searchable": false, - "title": "Roles", - "type": "array", - "userEditable": false, - "viewable": true, - }, - "ssoEntities": { - "description": "SSO Entity Id", - "properties": { - "idpLocation": { - "type": "string", - }, - "idpPrivateId": { - "type": "string", - }, - "spLocation": { - "type": "string", - }, - "spPrivate": { - "type": "string", - }, - }, - "searchable": false, - "title": "SSO Entity Id", - "type": "object", - "userEditable": false, - "viewable": false, - }, - "templateName": { - "description": "Name of the template the application was created from", - "searchable": false, - "title": "Template Name", - "type": "string", - "userEditable": false, - "viewable": false, - }, - "templateVersion": { - "description": "The template version", - "searchable": false, - "title": "Template Version", - "type": "string", - "userEditable": false, - "viewable": false, - }, - "uiConfig": { - "description": "UI Config", - "isPersonal": false, - "properties": {}, - "searchable": false, - "title": "UI Config", - "type": "object", - "usageDescription": "", - "viewable": false, - }, - "url": { - "searchable": true, - "title": "Url", - "type": "string", - "userEditable": true, - "viewable": true, - }, - }, - "required": [ - "name", - ], - "title": "Bravo realm - Application", - "type": "object", - }, - }, - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/policy.idm.json 1`] = ` -{ - "idm": { - "policy": { - "_id": "policy", - "additionalFiles": [], - "resources": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privilegeAssignments.idm.json 1`] = ` -{ - "idm": { - "privilegeAssignments": { - "_id": "privilegeAssignments", - "privilegeAssignments": [ + ], + "type": "text/javascript", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/privilegeAssignments.idm.json 1`] = ` +{ + "idm": { + "privilegeAssignments": { + "_id": "privilegeAssignments", + "privilegeAssignments": [ { "name": "ownerPrivileges", "privileges": [ @@ -260688,1672 +255285,767 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privileges.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/privileges.idm.json 1`] = ` { "idm": { "privileges": { "_id": "privileges", - "privileges": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openic/GoogleApps.idm.json 1`] = ` -{ - "idm": { - "provisioner.openic/GoogleApps": { - "_id": "provisioner.openic/GoogleApps", - "configurationProperties": { - "availableLicenses": [ - "101005/1010050001", - "101001/1010010001", - "101031/1010310010", - "101034/1010340002", - "101038/1010380002", - "101034/1010340001", - "101038/1010380003", - "101034/1010340004", - "101034/1010340003", - "101034/1010340006", - "Google-Apps/Google-Apps-For-Business", - "101034/1010340005", - "Google-Vault/Google-Vault", - "Google-Apps/1010020031", - "Google-Apps/1010020030", - "Google-Apps/1010060003", - "Google-Apps/1010060005", - "Google-Apps/Google-Apps-Unlimited", - "Google-Apps/1010020029", - "Google-Apps/Google-Apps-Lite", - "101031/1010310003", - "101033/1010330002", - "101033/1010330004", - "Google-Apps/Google-Apps-For-Education", - "101031/1010310002", - "101033/1010330003", - "Google-Apps/1010020026", - "101031/1010310007", - "Google-Apps/1010020025", - "101031/1010310008", - "Google-Apps/1010020028", - "Google-Apps/Google-Apps-For-Postini", - "101031/1010310005", - "Google-Apps/1010020027", - "101031/1010310006", - "101031/1010310009", - "Google-Vault/Google-Vault-Former-Employee", - "101038/1010370001", - "Google-Apps/1010020020", - "Google-Apps/1010060001", - ], - "clientId": "&{esv.gac.client.id}", - "clientSecret": "&{esv.gac.secret}", - "domain": "&{esv.gac.domain}", - "groupsMaxResults": "200", - "listProductAndSkuMaxResults": "100", - "listProductMaxResults": "100", - "membersMaxResults": "200", - "proxyHost": null, - "proxyPort": 8080, - "refreshToken": "&{esv.gac.refresh}", - "roleAssignmentMaxResults": 100, - "roleMaxResults": 100, - "usersMaxResults": "100", - "validateCertificate": true, - }, - "connectorRef": { - "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", - "bundleVersion": "[1.5.0.0,1.6.0.0)", - "connectorHostRef": "", - "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", - "displayName": "GoogleApps Connector", - "systemType": "provisioner.openicf", - }, - "enabled": { - "$bool": "&{esv.gac.enable.connector}", - }, - "objectTypes": { - "__ACCOUNT__": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__ACCOUNT__", - "nativeType": "__ACCOUNT__", - "properties": { - "__GROUPS__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__GROUPS__", - "nativeType": "string", - "type": "array", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, }, - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", + { + "attribute": "description", + "readOnly": false, }, - "__PASSWORD__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PASSWORD__", - "nativeType": "JAVA_TYPE_GUARDEDSTRING", - "required": true, - "type": "string", + { + "attribute": "owners", + "readOnly": true, }, - "__PHOTO__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PHOTO__", - "nativeType": "JAVA_TYPE_BYTE_ARRAY", - "type": "string", + { + "attribute": "admins", + "readOnly": false, }, - "__SECONDARY_EMAILS__": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__SECONDARY_EMAILS__", - "nativeType": "object", - "type": "array", + { + "attribute": "members", + "readOnly": false, }, - "__UID__": { - "nativeName": "__UID__", - "nativeType": "string", - "required": false, - "type": "string", + { + "attribute": "parent", + "readOnly": false, }, - "addresses": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "addresses", - "nativeType": "object", - "type": "array", + { + "attribute": "children", + "readOnly": false, }, - "agreedToTerms": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "agreedToTerms", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", + { + "attribute": "parentIDs", + "readOnly": true, }, - "aliases": { - "flags": [ - "NOT_CREATABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "aliases", - "nativeType": "string", - "type": "array", + { + "attribute": "adminIDs", + "readOnly": true, }, - "archived": { - "nativeName": "archived", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "parentAdminIDs", + "readOnly": true, }, - "changePasswordAtNextLogin": { - "nativeName": "changePasswordAtNextLogin", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "ownerIDs", + "readOnly": true, }, - "creationTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "creationTime", - "nativeType": "string", - "type": "array", + { + "attribute": "parentOwnerIDs", + "readOnly": true, }, - "customSchemas": { - "nativeName": "customSchemas", - "nativeType": "object", - "type": "object", + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, }, - "customerId": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "customerId", - "nativeType": "string", - "type": "string", + { + "attribute": "description", + "readOnly": false, }, - "deletionTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "deletionTime", - "nativeType": "string", - "type": "string", + { + "attribute": "owners", + "readOnly": true, }, - "externalIds": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "externalIds", - "nativeType": "object", - "type": "array", + { + "attribute": "admins", + "readOnly": false, }, - "familyName": { - "nativeName": "familyName", - "nativeType": "string", - "type": "string", + { + "attribute": "members", + "readOnly": false, }, - "fullName": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "fullName", - "nativeType": "string", - "type": "string", + { + "attribute": "parent", + "readOnly": false, }, - "givenName": { - "nativeName": "givenName", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "children", + "readOnly": false, }, - "hashFunction": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "hashFunction", - "nativeType": "string", - "type": "string", + { + "attribute": "parentIDs", + "readOnly": true, }, - "ims": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "ims", - "nativeType": "object", - "type": "array", + { + "attribute": "adminIDs", + "readOnly": true, }, - "includeInGlobalAddressList": { - "nativeName": "includeInGlobalAddressList", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "parentAdminIDs", + "readOnly": true, }, - "ipWhitelisted": { - "nativeName": "ipWhitelisted", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "ownerIDs", + "readOnly": true, }, - "isAdmin": { - "nativeName": "isAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", + { + "attribute": "parentOwnerIDs", + "readOnly": true, }, - "isDelegatedAdmin": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isDelegatedAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, }, - "isEnforcedIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnforcedIn2Sv", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "password", + "readOnly": false, }, - "isEnrolledIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnrolledIn2Sv", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "givenName", + "readOnly": false, }, - "isMailboxSetup": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isMailboxSetup", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "sn", + "readOnly": false, }, - "languages": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "languages", - "nativeType": "object", - "type": "array", + { + "attribute": "mail", + "readOnly": false, }, - "lastLoginTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "lastLoginTime", - "nativeType": "string", - "type": "array", + { + "attribute": "description", + "readOnly": false, }, - "nonEditableAliases": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "nonEditableAliases", - "nativeType": "string", - "type": "array", + { + "attribute": "accountStatus", + "readOnly": false, }, - "orgUnitPath": { - "nativeName": "orgUnitPath", - "nativeType": "string", - "type": "string", + { + "attribute": "telephoneNumber", + "readOnly": false, }, - "organizations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "organizations", - "nativeType": "object", - "type": "array", + { + "attribute": "postalAddress", + "readOnly": false, }, - "phones": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "phones", - "nativeType": "object", - "type": "array", + { + "attribute": "city", + "readOnly": false, }, - "primaryEmail": { - "nativeName": "primaryEmail", - "nativeType": "string", - "type": "string", + { + "attribute": "postalCode", + "readOnly": false, }, - "recoveryEmail": { - "nativeName": "recoveryEmail", - "nativeType": "string", - "type": "string", + { + "attribute": "country", + "readOnly": false, }, - "recoveryPhone": { - "nativeName": "recoveryPhone", - "nativeType": "string", - "type": "string", + { + "attribute": "stateProvince", + "readOnly": false, }, - "relations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "relations", - "nativeType": "object", - "type": "array", + { + "attribute": "roles", + "readOnly": false, }, - "suspended": { - "nativeName": "suspended", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "manager", + "readOnly": false, }, - "suspensionReason": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "suspensionReason", - "nativeType": "string", - "type": "string", + { + "attribute": "authzRoles", + "readOnly": false, }, - "thumbnailPhotoUrl": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "thumbnailPhotoUrl", - "nativeType": "string", - "type": "string", + { + "attribute": "reports", + "readOnly": false, }, - }, - "type": "object", - }, - }, - "operationTimeout": { - "AUTHENTICATE": -1, - "CREATE": -1, - "DELETE": -1, - "GET": -1, - "RESOLVEUSERNAME": -1, - "SCHEMA": -1, - "SCRIPT_ON_CONNECTOR": -1, - "SCRIPT_ON_RESOURCE": -1, - "SEARCH": -1, - "SYNC": -1, - "TEST": -1, - "UPDATE": -1, - "VALIDATE": -1, - }, - "poolConfigOption": { - "maxIdle": 10, - "maxObjects": 10, - "maxWait": 150000, - "minEvictableIdleTimeMillis": 120000, - "minIdle": 1, - }, - "resultsHandlerConfig": { - "enableAttributesToGetSearchResultsHandler": true, - "enableCaseInsensitiveFilter": false, - "enableFilteredResultsHandler": false, - "enableNormalizingResultsHandler": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf.connectorinfoprovider.idm.json 1`] = ` -{ - "idm": { - "provisioner.openicf.connectorinfoprovider": { - "_id": "provisioner.openicf.connectorinfoprovider", - "connectorsLocation": "connectors", - "remoteConnectorClients": [ - { - "enabled": true, - "name": "rcs1", - "useSSL": true, - }, - ], - "remoteConnectorClientsGroups": [], - "remoteConnectorServers": [], - "remoteConnectorServersGroups": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/Azure.idm.json 1`] = ` -{ - "idm": { - "provisioner.openicf/Azure": { - "_id": "provisioner.openicf/Azure", - "configurationProperties": { - "clientId": "4b07adcc-329c-434c-aa83-49a14bef3c49", - "clientSecret": { - "$crypto": { - "type": "x-simple-encryption", - "value": { - "cipher": "AES/CBC/PKCS5Padding", - "data": "W63amdvzlmynT40WOTl1wPWDc8FUlGWQZK158lmlFTrnhy9PbWZV5YE4v3VeMUDC", - "iv": "KG/YFc8v26QHJzRI3uFhzw==", - "keySize": 16, - "mac": "mA4BzCNS7tuLhosQ+es1Tg==", - "purpose": "idm.config.encryption", - "salt": "vvPwKk0KqOqMjElQgICqEA==", - "stableId": "openidm-sym-default", + { + "attribute": "effectiveRoles", + "readOnly": false, }, - }, - }, - "httpProxyHost": null, - "httpProxyPassword": null, - "httpProxyPort": null, - "httpProxyUsername": null, - "licenseCacheExpiryTime": 60, - "performHardDelete": true, - "readRateLimit": null, - "tenant": "711ffa9c-5972-4713-ace3-688c9732614a", - "writeRateLimit": null, - }, - "connectorRef": { - "bundleName": "org.forgerock.openicf.connectors.msgraphapi-connector", - "bundleVersion": "1.5.20.21", - "connectorName": "org.forgerock.openicf.connectors.msgraphapi.MSGraphAPIConnector", - "displayName": "MSGraphAPI Connector", - "systemType": "provisioner.openicf", - }, - "enabled": true, - "objectTypes": { - "User": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__ACCOUNT__", - "nativeType": "__ACCOUNT__", - "properties": { - "__PASSWORD__": { - "autocomplete": "new-password", - "flags": [ - "NOT_UPDATEABLE", - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PASSWORD__", - "nativeType": "JAVA_TYPE_GUARDEDSTRING", - "required": true, - "type": "string", + { + "attribute": "effectiveAssignments", + "readOnly": false, }, - "__roles__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__roles__", - "nativeType": "string", - "type": "array", + { + "attribute": "lastSync", + "readOnly": false, }, - "__servicePlanIds__": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__servicePlanIds__", - "nativeType": "string", - "type": "array", + { + "attribute": "kbaInfo", + "readOnly": false, }, - "accountEnabled": { - "nativeName": "accountEnabled", - "nativeType": "boolean", - "required": true, - "type": "boolean", + { + "attribute": "preferences", + "readOnly": false, }, - "city": { - "nativeName": "city", - "nativeType": "string", - "type": "string", + { + "attribute": "consentedMappings", + "readOnly": false, }, - "companyName": { - "nativeName": "companyName", - "nativeType": "string", - "type": "string", + { + "attribute": "memberOfOrg", + "readOnly": false, }, - "country": { - "nativeName": "country", - "nativeType": "string", - "type": "string", + { + "attribute": "adminOfOrg", + "readOnly": false, }, - "department": { - "nativeName": "department", - "nativeType": "string", - "type": "string", + { + "attribute": "ownerOfOrg", + "readOnly": true, }, - "displayName": { - "nativeName": "displayName", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "memberOfOrgIDs", + "readOnly": true, }, - "givenName": { - "nativeName": "givenName", - "nativeType": "string", - "type": "string", + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, }, - "jobTitle": { - "nativeName": "jobTitle", - "nativeType": "string", - "type": "string", + { + "attribute": "password", + "readOnly": false, }, - "mail": { - "nativeName": "mail", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "givenName", + "readOnly": false, }, - "mailNickname": { - "nativeName": "mailNickname", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "sn", + "readOnly": false, }, - "manager": { - "nativeName": "manager", - "nativeType": "object", - "type": "object", + { + "attribute": "mail", + "readOnly": false, }, - "memberOf": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "memberOf", - "nativeType": "string", - "type": "array", + { + "attribute": "description", + "readOnly": false, }, - "mobilePhone": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "mobilePhone", - "nativeType": "string", - "type": "string", + { + "attribute": "accountStatus", + "readOnly": false, }, - "onPremisesImmutableId": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "onPremisesImmutableId", - "nativeType": "string", - "type": "string", + { + "attribute": "telephoneNumber", + "readOnly": false, }, - "onPremisesSecurityIdentifier": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "onPremisesSecurityIdentifier", - "nativeType": "string", - "type": "string", + { + "attribute": "postalAddress", + "readOnly": false, }, - "otherMails": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "otherMails", - "nativeType": "string", - "type": "array", + { + "attribute": "city", + "readOnly": false, }, - "postalCode": { - "nativeName": "postalCode", - "nativeType": "string", - "type": "string", + { + "attribute": "postalCode", + "readOnly": false, }, - "preferredLanguage": { - "nativeName": "preferredLanguage", - "nativeType": "string", - "type": "string", + { + "attribute": "country", + "readOnly": false, }, - "proxyAddresses": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "proxyAddresses", - "nativeType": "string", - "type": "array", + { + "attribute": "stateProvince", + "readOnly": false, }, - "state": { - "nativeName": "state", - "nativeType": "string", - "type": "string", + { + "attribute": "roles", + "readOnly": false, }, - "streetAddress": { - "nativeName": "streetAddress", - "nativeType": "string", - "type": "string", + { + "attribute": "manager", + "readOnly": false, }, - "surname": { - "nativeName": "surname", - "nativeType": "string", - "type": "string", + { + "attribute": "authzRoles", + "readOnly": false, }, - "usageLocation": { - "nativeName": "usageLocation", - "nativeType": "string", - "type": "string", + { + "attribute": "reports", + "readOnly": false, }, - "userPrincipalName": { - "nativeName": "userPrincipalName", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "effectiveRoles", + "readOnly": false, }, - "userType": { - "nativeName": "userType", - "nativeType": "string", - "type": "string", + { + "attribute": "effectiveAssignments", + "readOnly": false, }, - }, - "type": "object", - }, - "__GROUP__": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__GROUP__", - "nativeType": "__GROUP__", - "properties": { - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "lastSync", + "readOnly": false, }, - "description": { - "nativeName": "description", - "nativeType": "string", - "type": "string", + { + "attribute": "kbaInfo", + "readOnly": false, }, - "displayName": { - "nativeName": "displayName", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "preferences", + "readOnly": false, }, - "groupTypes": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "groupTypes", - "nativeType": "string", - "type": "string", + { + "attribute": "consentedMappings", + "readOnly": false, }, - "id": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "id", - "type": "string", + { + "attribute": "memberOfOrg", + "readOnly": false, }, - "mail": { - "nativeName": "mail", - "nativeType": "string", - "type": "string", + { + "attribute": "adminOfOrg", + "readOnly": false, }, - "mailEnabled": { - "nativeName": "mailEnabled", - "nativeType": "boolean", - "required": true, - "type": "boolean", + { + "attribute": "ownerOfOrg", + "readOnly": true, }, - "onPremisesSecurityIdentifier": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "onPremisesSecurityIdentifier", - "nativeType": "string", - "type": "string", + { + "attribute": "memberOfOrgIDs", + "readOnly": true, }, - "proxyAddresses": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "proxyAddresses", - "nativeType": "string", - "type": "array", + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/user", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, }, - "securityEnabled": { - "nativeName": "securityEnabled", - "nativeType": "boolean", - "required": true, - "type": "boolean", + { + "attribute": "description", + "readOnly": false, }, - "type": { - "nativeName": "type", - "required": true, - "type": "string", + { + "attribute": "owners", + "readOnly": true, }, - }, - "type": "object", - }, - "directoryRole": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "directoryRole", - "nativeType": "directoryRole", - "properties": { - "description": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "description", - "nativeType": "string", - "type": "string", + { + "attribute": "admins", + "readOnly": true, }, - "displayName": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "displayName", - "nativeType": "string", - "type": "string", + { + "attribute": "members", + "readOnly": false, }, - }, - "type": "object", - }, - "servicePlan": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "servicePlan", - "nativeType": "servicePlan", - "properties": { - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", + { + "attribute": "parent", + "readOnly": false, }, - "appliesTo": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "appliesTo", - "nativeType": "string", - "type": "string", + { + "attribute": "children", + "readOnly": false, }, - "provisioningStatus": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "provisioningStatus", - "nativeType": "string", - "type": "string", + { + "attribute": "parentIDs", + "readOnly": true, }, - "servicePlanId": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "servicePlanId", - "nativeType": "string", - "type": "string", + { + "attribute": "adminIDs", + "readOnly": true, }, - "servicePlanName": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "servicePlanName", - "nativeType": "string", - "type": "string", + { + "attribute": "parentAdminIDs", + "readOnly": true, }, - "subscriberSkuId": { - "flags": [ - "NOT_UPDATEABLE", - "NOT_CREATABLE", - ], - "nativeName": "subscriberSkuId", - "type": "string", + { + "attribute": "ownerIDs", + "readOnly": true, }, - }, - "type": "object", + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, - "servicePrincipal": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "servicePrincipal", - "nativeType": "servicePrincipal", - "properties": { - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, }, - "__addAppRoleAssignedTo__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__addAppRoleAssignedTo__", - "nativeType": "object", - "type": "array", + { + "attribute": "description", + "readOnly": false, }, - "__addAppRoleAssignments__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__addAppRoleAssignments__", - "nativeType": "object", - "type": "array", + { + "attribute": "owners", + "readOnly": true, }, - "__removeAppRoleAssignedTo__": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__removeAppRoleAssignedTo__", - "nativeType": "string", - "type": "array", - }, - "__removeAppRoleAssignments__": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__removeAppRoleAssignments__", - "nativeType": "string", - "type": "array", - }, - "accountEnabled": { - "nativeName": "accountEnabled", - "nativeType": "boolean", - "type": "boolean", - }, - "addIns": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "addIns", - "nativeType": "object", - "type": "array", - }, - "alternativeNames": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "alternativeNames", - "nativeType": "string", - "type": "array", - }, - "appDescription": { - "nativeName": "appDescription", - "nativeType": "string", - "type": "string", - }, - "appDisplayName": { - "nativeName": "appDisplayName", - "nativeType": "string", - "type": "string", - }, - "appId": { - "nativeName": "appId", - "nativeType": "string", - "type": "string", - }, - "appOwnerOrganizationId": { - "nativeName": "appOwnerOrganizationId", - "nativeType": "string", - "type": "string", - }, - "appRoleAssignmentRequired": { - "nativeName": "appRoleAssignmentRequired", - "nativeType": "boolean", - "type": "boolean", - }, - "appRoles": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "appRoles", - "nativeType": "object", - "type": "array", - }, - "applicationTemplateId": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "applicationTemplateId", - "nativeType": "string", - "type": "string", - }, - "deletedDateTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "deletedDateTime", - "nativeType": "string", - "type": "string", - }, - "description": { - "nativeName": "description", - "nativeType": "string", - "type": "string", + { + "attribute": "admins", + "readOnly": true, }, - "disabledByMicrosoftStatus": { - "nativeName": "disabledByMicrosoftStatus", - "nativeType": "string", - "type": "string", + { + "attribute": "members", + "readOnly": false, }, - "displayName": { - "nativeName": "displayName", - "nativeType": "string", - "type": "string", + { + "attribute": "parent", + "readOnly": false, }, - "homepage": { - "nativeName": "homepage", - "nativeType": "string", - "type": "string", + { + "attribute": "children", + "readOnly": false, }, - "info": { - "nativeName": "info", - "nativeType": "object", - "type": "object", + { + "attribute": "parentIDs", + "readOnly": true, }, - "keyCredentials": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "keyCredentials", - "nativeType": "object", - "type": "array", + { + "attribute": "adminIDs", + "readOnly": true, }, - "loginUrl": { - "nativeName": "loginUrl", - "nativeType": "string", - "type": "string", + { + "attribute": "parentAdminIDs", + "readOnly": true, }, - "logoutUrl": { - "nativeName": "logoutUrl", - "nativeType": "string", - "type": "string", + { + "attribute": "ownerIDs", + "readOnly": true, }, - "notes": { - "nativeName": "notes", - "nativeType": "string", - "type": "string", + { + "attribute": "parentOwnerIDs", + "readOnly": true, }, - "notificationEmailAddresses": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "notificationEmailAddresses", - "nativeType": "string", - "type": "array", + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, }, - "oauth2PermissionScopes": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "oauth2PermissionScopes", - "nativeType": "object", - "type": "array", + { + "attribute": "password", + "readOnly": false, }, - "passwordCredentials": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "passwordCredentials", - "nativeType": "object", - "type": "array", + { + "attribute": "givenName", + "readOnly": false, }, - "preferredSingleSignOnMode": { - "nativeName": "preferredSingleSignOnMode", - "nativeType": "string", - "type": "string", + { + "attribute": "sn", + "readOnly": false, }, - "replyUrls": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "replyUrls", - "nativeType": "string", - "type": "array", + { + "attribute": "mail", + "readOnly": false, }, - "resourceSpecificApplicationPermissions": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "resourceSpecificApplicationPermissions", - "nativeType": "object", - "type": "array", + { + "attribute": "description", + "readOnly": false, }, - "samlSingleSignOnSettings": { - "nativeName": "samlSingleSignOnSettings", - "nativeType": "object", - "type": "object", + { + "attribute": "accountStatus", + "readOnly": false, }, - "servicePrincipalNames": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "servicePrincipalNames", - "nativeType": "string", - "type": "array", + { + "attribute": "telephoneNumber", + "readOnly": false, }, - "servicePrincipalType": { - "nativeName": "servicePrincipalType", - "nativeType": "string", - "type": "string", + { + "attribute": "postalAddress", + "readOnly": false, }, - "signInAudience": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "signInAudience", - "nativeType": "string", - "type": "string", + { + "attribute": "city", + "readOnly": false, }, - "tags": { - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "tags", - "nativeType": "string", - "type": "array", + { + "attribute": "postalCode", + "readOnly": false, }, - "tokenEncryptionKeyId": { - "nativeName": "tokenEncryptionKeyId", - "nativeType": "string", - "type": "string", + { + "attribute": "country", + "readOnly": false, }, - "verifiedPublisher": { - "nativeName": "verifiedPublisher", - "nativeType": "object", - "type": "object", + { + "attribute": "stateProvince", + "readOnly": false, }, - }, - "type": "object", - }, - }, - "operationTimeout": { - "AUTHENTICATE": -1, - "CREATE": -1, - "DELETE": -1, - "GET": -1, - "RESOLVEUSERNAME": -1, - "SCHEMA": -1, - "SCRIPT_ON_CONNECTOR": -1, - "SCRIPT_ON_RESOURCE": -1, - "SEARCH": -1, - "SYNC": -1, - "TEST": -1, - "UPDATE": -1, - "VALIDATE": -1, - }, - "poolConfigOption": { - "maxIdle": 10, - "maxObjects": 10, - "maxWait": 150000, - "minEvictableIdleTimeMillis": 120000, - "minIdle": 1, - }, - "resultsHandlerConfig": { - "enableAttributesToGetSearchResultsHandler": true, - "enableCaseInsensitiveFilter": false, - "enableFilteredResultsHandler": false, - "enableNormalizingResultsHandler": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/GoogleApps.idm.json 1`] = ` -{ - "idm": { - "provisioner.openicf/GoogleApps": { - "_id": "provisioner.openicf/GoogleApps", - "configurationProperties": { - "availableLicenses": [ - "101005/1010050001", - "101001/1010010001", - "101031/1010310010", - "101034/1010340002", - "101038/1010380002", - "101034/1010340001", - "101038/1010380003", - "101034/1010340004", - "101034/1010340003", - "101034/1010340006", - "Google-Apps/Google-Apps-For-Business", - "101034/1010340005", - "Google-Vault/Google-Vault", - "Google-Apps/1010020031", - "Google-Apps/1010020030", - "Google-Apps/1010060003", - "Google-Apps/1010060005", - "Google-Apps/Google-Apps-Unlimited", - "Google-Apps/1010020029", - "Google-Apps/Google-Apps-Lite", - "101031/1010310003", - "101033/1010330002", - "101033/1010330004", - "Google-Apps/Google-Apps-For-Education", - "101031/1010310002", - "101033/1010330003", - "Google-Apps/1010020026", - "101031/1010310007", - "Google-Apps/1010020025", - "101031/1010310008", - "Google-Apps/1010020028", - "Google-Apps/Google-Apps-For-Postini", - "101031/1010310005", - "Google-Apps/1010020027", - "101031/1010310006", - "101031/1010310009", - "Google-Vault/Google-Vault-Former-Employee", - "101038/1010370001", - "Google-Apps/1010020020", - "Google-Apps/1010060001", - ], - "clientId": "&{esv.gac.client.id}", - "clientSecret": "&{esv.gac.secret}", - "domain": "&{esv.gac.domain}", - "groupsMaxResults": "200", - "listProductAndSkuMaxResults": "100", - "listProductMaxResults": "100", - "membersMaxResults": "200", - "proxyHost": null, - "proxyPort": 8080, - "refreshToken": "&{esv.gac.refresh}", - "roleAssignmentMaxResults": 100, - "roleMaxResults": 100, - "usersMaxResults": "100", - "validateCertificate": true, - }, - "connectorRef": { - "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", - "bundleVersion": "[1.5.0.0,1.6.0.0)", - "connectorHostRef": "", - "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", - "displayName": "GoogleApps Connector", - "systemType": "provisioner.openicf", - }, - "enabled": { - "$bool": "&{esv.gac.enable.connector}", - }, - "objectTypes": { - "__ACCOUNT__": { - "$schema": "http://json-schema.org/draft-03/schema", - "id": "__ACCOUNT__", - "nativeType": "__ACCOUNT__", - "properties": { - "__GROUPS__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "__GROUPS__", - "nativeType": "string", - "type": "array", + { + "attribute": "roles", + "readOnly": false, }, - "__NAME__": { - "nativeName": "__NAME__", - "nativeType": "string", - "type": "string", + { + "attribute": "manager", + "readOnly": false, }, - "__PASSWORD__": { - "flags": [ - "NOT_READABLE", - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PASSWORD__", - "nativeType": "JAVA_TYPE_GUARDEDSTRING", - "required": true, - "type": "string", + { + "attribute": "authzRoles", + "readOnly": false, }, - "__PHOTO__": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "__PHOTO__", - "nativeType": "JAVA_TYPE_BYTE_ARRAY", - "type": "string", + { + "attribute": "reports", + "readOnly": false, }, - "__SECONDARY_EMAILS__": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "__SECONDARY_EMAILS__", - "nativeType": "object", - "type": "array", + { + "attribute": "effectiveRoles", + "readOnly": false, }, - "__UID__": { - "nativeName": "__UID__", - "nativeType": "string", - "required": false, - "type": "string", + { + "attribute": "effectiveAssignments", + "readOnly": false, }, - "addresses": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "addresses", - "nativeType": "object", - "type": "array", + { + "attribute": "lastSync", + "readOnly": false, }, - "agreedToTerms": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "agreedToTerms", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", + { + "attribute": "kbaInfo", + "readOnly": false, }, - "aliases": { - "flags": [ - "NOT_CREATABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "aliases", - "nativeType": "string", - "type": "array", + { + "attribute": "preferences", + "readOnly": false, }, - "archived": { - "nativeName": "archived", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "consentedMappings", + "readOnly": false, }, - "changePasswordAtNextLogin": { - "nativeName": "changePasswordAtNextLogin", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "memberOfOrg", + "readOnly": false, }, - "creationTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "creationTime", - "nativeType": "string", - "type": "array", + { + "attribute": "adminOfOrg", + "readOnly": true, }, - "customSchemas": { - "nativeName": "customSchemas", - "nativeType": "object", - "type": "object", + { + "attribute": "ownerOfOrg", + "readOnly": true, }, - "customerId": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "customerId", - "nativeType": "string", - "type": "string", + { + "attribute": "memberOfOrgIDs", + "readOnly": true, }, - "deletionTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "deletionTime", - "nativeType": "string", - "type": "string", + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, }, - "externalIds": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "externalIds", - "nativeType": "object", - "type": "array", + { + "attribute": "password", + "readOnly": false, }, - "familyName": { - "nativeName": "familyName", - "nativeType": "string", - "type": "string", + { + "attribute": "givenName", + "readOnly": false, }, - "fullName": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "fullName", - "nativeType": "string", - "type": "string", + { + "attribute": "sn", + "readOnly": false, }, - "givenName": { - "nativeName": "givenName", - "nativeType": "string", - "required": true, - "type": "string", + { + "attribute": "mail", + "readOnly": false, }, - "hashFunction": { - "flags": [ - "NOT_RETURNED_BY_DEFAULT", - ], - "nativeName": "hashFunction", - "nativeType": "string", - "type": "string", + { + "attribute": "description", + "readOnly": false, }, - "ims": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "ims", - "nativeType": "object", - "type": "array", + { + "attribute": "accountStatus", + "readOnly": false, }, - "includeInGlobalAddressList": { - "nativeName": "includeInGlobalAddressList", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "telephoneNumber", + "readOnly": false, }, - "ipWhitelisted": { - "nativeName": "ipWhitelisted", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "postalAddress", + "readOnly": false, }, - "isAdmin": { - "nativeName": "isAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", + { + "attribute": "city", + "readOnly": false, }, - "isDelegatedAdmin": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isDelegatedAdmin", - "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", - "type": "boolean", + { + "attribute": "postalCode", + "readOnly": false, }, - "isEnforcedIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnforcedIn2Sv", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "country", + "readOnly": false, }, - "isEnrolledIn2Sv": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isEnrolledIn2Sv", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "stateProvince", + "readOnly": false, }, - "isMailboxSetup": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "isMailboxSetup", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "roles", + "readOnly": false, }, - "languages": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "languages", - "nativeType": "object", - "type": "array", + { + "attribute": "manager", + "readOnly": false, }, - "lastLoginTime": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "lastLoginTime", - "nativeType": "string", - "type": "array", + { + "attribute": "authzRoles", + "readOnly": false, }, - "nonEditableAliases": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "items": { - "nativeType": "string", - "type": "string", - }, - "nativeName": "nonEditableAliases", - "nativeType": "string", - "type": "array", + { + "attribute": "reports", + "readOnly": false, }, - "orgUnitPath": { - "nativeName": "orgUnitPath", - "nativeType": "string", - "type": "string", + { + "attribute": "effectiveRoles", + "readOnly": false, }, - "organizations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "organizations", - "nativeType": "object", - "type": "array", + { + "attribute": "effectiveAssignments", + "readOnly": false, }, - "phones": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "phones", - "nativeType": "object", - "type": "array", + { + "attribute": "lastSync", + "readOnly": false, }, - "primaryEmail": { - "nativeName": "primaryEmail", - "nativeType": "string", - "type": "string", + { + "attribute": "kbaInfo", + "readOnly": false, }, - "recoveryEmail": { - "nativeName": "recoveryEmail", - "nativeType": "string", - "type": "string", + { + "attribute": "preferences", + "readOnly": false, }, - "recoveryPhone": { - "nativeName": "recoveryPhone", - "nativeType": "string", - "type": "string", + { + "attribute": "consentedMappings", + "readOnly": false, }, - "relations": { - "items": { - "nativeType": "object", - "type": "object", - }, - "nativeName": "relations", - "nativeType": "object", - "type": "array", + { + "attribute": "memberOfOrg", + "readOnly": false, }, - "suspended": { - "nativeName": "suspended", - "nativeType": "boolean", - "type": "boolean", + { + "attribute": "adminOfOrg", + "readOnly": true, }, - "suspensionReason": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "suspensionReason", - "nativeType": "string", - "type": "string", + { + "attribute": "ownerOfOrg", + "readOnly": true, }, - "thumbnailPhotoUrl": { - "flags": [ - "NOT_CREATABLE", - "NOT_UPDATEABLE", - ], - "nativeName": "thumbnailPhotoUrl", - "nativeType": "string", - "type": "string", + { + "attribute": "memberOfOrgIDs", + "readOnly": true, }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/user", + "permissions": [ + "CREATE", + ], + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/process/access.idm.json 1`] = ` +{ + "idm": { + "process/access": { + "_id": "process/access", + "workflowAccess": [ + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-authorized", }, - "type": "object", }, - }, - "operationTimeout": { - "AUTHENTICATE": -1, - "CREATE": -1, - "DELETE": -1, - "GET": -1, - "RESOLVEUSERNAME": -1, - "SCHEMA": -1, - "SCRIPT_ON_CONNECTOR": -1, - "SCRIPT_ON_RESOURCE": -1, - "SEARCH": -1, - "SYNC": -1, - "TEST": -1, - "UPDATE": -1, - "VALIDATE": -1, - }, - "poolConfigOption": { - "maxIdle": 10, - "maxObjects": 10, - "maxWait": 150000, - "minEvictableIdleTimeMillis": 120000, - "minIdle": 1, - }, - "resultsHandlerConfig": { - "enableAttributesToGetSearchResultsHandler": true, - "enableCaseInsensitiveFilter": false, - "enableFilteredResultsHandler": false, - "enableNormalizingResultsHandler": false, - }, + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-admin", + }, + }, + ], }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/repo.ds.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/repo.ds.idm.json 1`] = ` { "idm": { "repo.ds": { @@ -262371,123 +256063,50 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "embedded": false, "ldapConnectionFactories": { "bind": { - "availabilityCheckIntervalSeconds": 30, - "availabilityCheckTimeoutMilliSeconds": 10000, "connectionPoolSize": 50, - "connectionSecurity": "none", + "connectionSecurity": "startTLS", "heartBeatIntervalSeconds": 60, "heartBeatTimeoutMilliSeconds": 10000, "primaryLdapServers": [ { - "hostname": "userstore-0.userstore", - "port": 1389, - }, - ], - "secondaryLdapServers": [ - { - "hostname": "userstore-2.userstore", - "port": 1389, + "hostname": "opendj-frodo-dev.classic.com", + "port": 2389, }, ], + "secondaryLdapServers": [], }, "root": { "authentication": { "simple": { "bindDn": "uid=admin", - "bindPassword": "&{userstore.password}", + "bindPassword": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "lJ/B6T9e9CDKHCN8TxkD4g==", + "iv": "EdrerzwEUUkHG582cLDw5w==", + "keySize": 32, + "mac": "Aty9fXUtl4pexGlHOc+CBg==", + "purpose": "idm.config.encryption", + "salt": "BITSKlnPeT5klcuEZbngzw==", + "stableId": "openidm-sym-default", + }, + }, + }, }, }, "inheritFrom": "bind", }, }, "maxConnectionAttempts": 5, - "queries": { - "explicit": { - "credential-internaluser-query": { - "_queryFilter": "/_id eq "\${username}"", - }, - "credential-query": { - "_queryFilter": "/userName eq "\${username}"", - }, - "for-userName": { - "_queryFilter": "/userName eq "\${uid}"", - }, - "links-for-firstId": { - "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", - }, - "links-for-linkType": { - "_queryFilter": "/linkType eq "\${linkType}"", - }, - "query-all": { - "_queryFilter": "true", - }, - "query-all-ids": { - "_fields": "_id,_rev", - "_queryFilter": "true", - }, - }, - "generic": { - "credential-internaluser-query": { - "_queryFilter": "/_id eq "\${username}"", - }, - "credential-query": { - "_queryFilter": "/userName eq "\${username}"", - }, - "find-relationship-edges": { - "_queryFilter": "((/firstResourceCollection eq "\${firstResourceCollection}" and /firstResourceId eq "\${firstResourceId}" and /firstPropertyName eq "\${firstPropertyName}") and (/secondResourceCollection eq "\${secondResourceCollection}" and /secondResourceId eq "\${secondResourceId}" and /secondPropertyName eq "\${secondPropertyName}")) or ((/firstResourceCollection eq "\${secondResourceCollection}" and /firstResourceId eq "\${secondResourceId}" and /firstPropertyName eq "\${secondPropertyName}") and (/secondResourceCollection eq "\${firstResourceCollection}" and /secondResourceId eq "\${firstResourceId}" and /secondPropertyName eq "\${firstPropertyName}"))", - }, - "find-relationships-for-resource": { - "_queryFilter": "(/firstResourceCollection eq "\${resourceCollection}" and /firstResourceId eq "\${resourceId}" and /firstPropertyName eq "\${propertyName}") or (/secondResourceCollection eq "\${resourceCollection}" and /secondResourceId eq "\${resourceId}" and /secondPropertyName eq "\${propertyName}")", - }, - "for-userName": { - "_queryFilter": "/userName eq "\${uid}"", - }, - "get-by-field-value": { - "_queryFilter": "/\${field} eq "\${value}"", - }, - "get-notifications-for-user": { - "_queryFilter": "/receiverId eq "\${userId}"", - "_sortKeys": "-createDate", - }, - "get-recons": { - "_fields": "reconId,mapping,activitydate", - "_queryFilter": "/entryType eq "summary"", - "_sortKeys": "-activitydate", - }, - "links-for-firstId": { - "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", - }, - "links-for-linkType": { - "_queryFilter": "/linkType eq "\${linkType}"", - }, - "query-all": { - "_queryFilter": "true", - }, - "query-all-ids": { - "_fields": "_id,_rev", - "_queryFilter": "true", - }, - "query-cluster-events": { - "_queryFilter": "/instanceId eq "\${instanceId}"", - }, - "query-cluster-failed-instances": { - "_queryFilter": "/timestamp le \${timestamp} and (/state eq "1" or /state eq "2")", - }, - "query-cluster-instances": { - "_queryFilter": "true", - }, - "query-cluster-running-instances": { - "_queryFilter": "/state eq 1", - }, - }, - }, "resourceMapping": { "defaultMapping": { - "dnTemplate": "ou=generic,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=generic,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, "explicitMapping": { "clusteredrecontargetids": { - "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "objectClasses": [ "uidObject", "fr-idm-recon-clusteredTargetIds", @@ -262677,21 +256296,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "type": "simple", "writability": "createOnly", }, - "allowPreEncodedPasswords": { - "ldapAttribute": "ds-cfg-allow-pre-encoded-passwords", - "type": "simple", - }, "defaultPasswordStorageScheme": { "isMultiValued": true, "isRequired": true, "ldapAttribute": "ds-cfg-default-password-storage-scheme", "type": "simple", }, - "deprecatedPasswordStorageScheme": { - "isMultiValued": true, - "ldapAttribute": "ds-cfg-deprecated-password-storage-scheme", - "type": "simple", - }, "maxPasswordAge": { "ldapAttribute": "ds-cfg-max-password-age", "type": "simple", @@ -262864,94 +256474,22 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, }, }, - "identities/admin": { - "dnTemplate": "o=root,ou=identities", - "isReadOnly": true, - "namingStrategy": { - "dnAttribute": "ou", - "type": "clientDnNaming", - }, + "internal/role": { + "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "objectClasses": [ - "organizationalunit", + "fr-idm-internal-role", ], "properties": { "_id": { - "ldapAttribute": "ou", - "primaryKey": true, - "type": "simple", - }, - "count": { "isRequired": true, - "ldapAttribute": "numSubordinates", + "ldapAttribute": "cn", "type": "simple", - "writability": "readOnly", - }, - }, - }, - "identities/alpha": { - "dnTemplate": "o=alpha,o=root,ou=identities", - "isReadOnly": true, - "namingStrategy": { - "dnAttribute": "ou", - "type": "clientDnNaming", - }, - "objectClasses": [ - "organizationalunit", - ], - "properties": { - "_id": { - "ldapAttribute": "ou", - "primaryKey": true, - "type": "simple", - }, - "count": { - "isRequired": true, - "ldapAttribute": "numSubordinates", - "type": "simple", - "writability": "readOnly", - }, - }, - }, - "identities/bravo": { - "dnTemplate": "o=bravo,o=root,ou=identities", - "isReadOnly": true, - "namingStrategy": { - "dnAttribute": "ou", - "type": "clientDnNaming", - }, - "objectClasses": [ - "organizationalunit", - ], - "properties": { - "_id": { - "ldapAttribute": "ou", - "primaryKey": true, - "type": "simple", - }, - "count": { - "isRequired": true, - "ldapAttribute": "numSubordinates", - "type": "simple", - "writability": "readOnly", - }, - }, - }, - "internal/role": { - "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=example,dc=com", - "objectClasses": [ - "fr-idm-internal-role", - ], - "properties": { - "_id": { - "isRequired": true, - "ldapAttribute": "cn", - "type": "simple", - "writability": "createOnly", + "writability": "createOnly", }, "authzMembers": { "isMultiValued": true, "propertyName": "authzRoles", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, "condition": { @@ -262979,7 +256517,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, }, "internal/user": { - "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "objectClasses": [ "uidObject", "fr-idm-internal-user", @@ -262998,7 +256536,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, }, "link": { - "dnTemplate": "ou=links,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=links,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "objectClasses": [ "uidObject", "fr-idm-link", @@ -263029,7 +256567,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, }, "locks": { - "dnTemplate": "ou=locks,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=locks,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "objectClasses": [ "uidObject", "fr-idm-lock", @@ -263047,110 +256585,8 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, }, }, - "managed/teammember": { - "dnTemplate": "ou=people,o=root,ou=identities", - "namingStrategy": { - "dnAttribute": "fr-idm-uuid", - "type": "clientDnNaming", - }, - "nativeId": false, - "objectClasses": [ - "person", - "organizationalPerson", - "inetOrgPerson", - "fraas-admin", - "iplanet-am-user-service", - "deviceProfilesContainer", - "devicePrintProfilesContainer", - "kbaInfoContainer", - "fr-idm-managed-user-explicit", - "forgerock-am-dashboard-service", - "inetuser", - "iplanet-am-auth-configuration-service", - "iplanet-am-managed-person", - "iPlanetPreferences", - "oathDeviceProfilesContainer", - "pushDeviceProfilesContainer", - "sunAMAuthAccountLockout", - "sunFMSAML2NameIdentifier", - "webauthnDeviceProfilesContainer", - "fr-idm-hybrid-obj", - ], - "properties": { - "_id": { - "ldapAttribute": "fr-idm-uuid", - "primaryKey": true, - "type": "simple", - }, - "_meta": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-meta", - "primaryKey": "uid", - "resourcePath": "managed/teammembermeta", - "type": "reference", - }, - "accountStatus": { - "ldapAttribute": "inetUserStatus", - "type": "simple", - }, - "cn": { - "ldapAttribute": "cn", - "type": "simple", - }, - "givenName": { - "ldapAttribute": "givenName", - "type": "simple", - }, - "inviteDate": { - "ldapAttribute": "fr-idm-inviteDate", - "type": "simple", - }, - "jurisdiction": { - "ldapAttribute": "fr-idm-jurisdiction", - "type": "simple", - }, - "mail": { - "ldapAttribute": "mail", - "type": "simple", - }, - "onboardDate": { - "ldapAttribute": "fr-idm-onboardDate", - "type": "simple", - }, - "password": { - "ldapAttribute": "userPassword", - "type": "simple", - }, - "sn": { - "ldapAttribute": "sn", - "type": "simple", - }, - "userName": { - "ldapAttribute": "uid", - "type": "simple", - }, - }, - }, - "managed/teammembergroup": { - "dnTemplate": "ou=groups,o=root,ou=identities", - "objectClasses": [ - "groupofuniquenames", - ], - "properties": { - "_id": { - "ldapAttribute": "cn", - "primaryKey": true, - "type": "simple", - }, - "members": { - "isMultiValued": true, - "ldapAttribute": "uniqueMember", - "type": "simple", - }, - }, - }, "recon/assoc": { - "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "namingStrategy": { "dnAttribute": "fr-idm-reconassoc-reconid", "type": "clientDnNaming", @@ -263281,7 +256717,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou ], }, "sync/queue": { - "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "objectClasses": [ "uidObject", "fr-idm-syncqueue", @@ -263321,10 +256757,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "ldapAttribute": "fr-idm-syncqueue-oldobject", "type": "json", }, - "remainingRetries": { - "ldapAttribute": "fr-idm-syncqueue-remainingretries", - "type": "simple", - }, "resourceCollection": { "ldapAttribute": "fr-idm-syncqueue-resourcecollection", "type": "simple", @@ -263346,7 +256778,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, "genericMapping": { "cluster/*": { - "dnTemplate": "ou=cluster,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=cluster,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "jsonAttribute": "fr-idm-cluster-json", "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", "objectClasses": [ @@ -263355,13 +256787,19 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou ], }, "config": { - "dnTemplate": "ou=config,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=config,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, "file": { - "dnTemplate": "ou=file,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=file,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "import": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "import/*": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, "internal/notification": { - "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "jsonAttribute": "fr-idm-notification-json", "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", "objectClasses": [ @@ -263371,13 +256809,13 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "properties": { "target": { "propertyName": "_notifications", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, }, }, "internal/usermeta": { - "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "jsonAttribute": "fr-idm-json", "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", "objectClasses": [ @@ -263387,88 +256825,69 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "properties": { "target": { "propertyName": "_meta", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, }, }, "jsonstorage": { - "dnTemplate": "ou=jsonstorage,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=jsonstorage,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, "managed/*": { - "dnTemplate": "ou=managed,dc=openidm,dc=example,dc=com", + "dnTemplate": "ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "managed/alpha_group": { - "dnTemplate": "ou=groups,o=alpha,o=root,ou=identities", - "idGenerator": { - "propertyName": "name", - "type": "property", - }, - "jsonAttribute": "fr-idm-managed-group-json", + "managed/assignment": { + "dnTemplate": "ou=assignment,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-assignment-json", "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "cn", - "type": "clientDnNaming", - }, - "nativeId": false, "objectClasses": [ - "top", - "groupOfURLs", - "fr-idm-managed-group", + "uidObject", + "fr-idm-managed-assignment", ], "properties": { - "_id": { - "ldapAttribute": "cn", - "primaryKey": true, - "type": "simple", - "writability": "createOnly", - }, "condition": { - "ldapAttribute": "fr-idm-managed-group-condition", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", + "ldapAttribute": "fr-idm-assignment-condition", "type": "simple", }, "members": { "isMultiValued": true, - "propertyName": "groups", - "resourcePath": "managed/alpha_user", + "propertyName": "assignments", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "propertyName": "assignments", + "resourcePath": "managed/role", "type": "reverseReference", }, }, }, - "managed/alpha_organization": { - "dnTemplate": "ou=organization,o=alpha,o=root,ou=identities", + "managed/organization": { + "dnTemplate": "ou=organization,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "jsonAttribute": "fr-idm-managed-organization-json", "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", "objectClasses": [ "uidObject", "fr-idm-managed-organization", - "fr-ext-attrs", ], "properties": { - "_id": { - "ldapAttribute": "uid", - "type": "simple", - }, "admins": { "isMultiValued": true, "propertyName": "adminOfOrg", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, "children": { "isMultiValued": true, "propertyName": "parent", - "resourcePath": "managed/alpha_organization", + "resourcePath": "managed/organization", "type": "reverseReference", }, "members": { "isMultiValued": true, "propertyName": "memberOfOrg", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, "name": { @@ -263478,19 +256897,19 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "owners": { "isMultiValued": true, "propertyName": "ownerOfOrg", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, "parent": { "ldapAttribute": "fr-idm-managed-organization-parent", "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", + "resourcePath": "managed/organization", "type": "reference", }, }, }, - "managed/alpha_role": { - "dnTemplate": "ou=role,o=alpha,o=root,ou=identities", + "managed/role": { + "dnTemplate": "ou=role,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", "jsonAttribute": "fr-idm-managed-role-json", "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", "objectClasses": [ @@ -263498,56 +256917,35 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "fr-idm-managed-role", ], "properties": { + "assignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-role-assignments", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", + }, "members": { "isMultiValued": true, "propertyName": "roles", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, }, }, - "managed/alpha_user": { - "dnTemplate": "ou=user,o=alpha,o=root,ou=identities", - "jsonAttribute": "fr-idm-custom-attrs", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "fr-idm-uuid", - "type": "clientDnNaming", - }, - "nativeId": false, + "managed/user": { + "dnTemplate": "ou=user,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-user-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedUser", "objectClasses": [ - "person", - "organizationalPerson", - "inetOrgPerson", - "iplanet-am-user-service", - "devicePrintProfilesContainer", - "deviceProfilesContainer", - "kbaInfoContainer", - "fr-idm-managed-user-explicit", - "forgerock-am-dashboard-service", - "inetuser", - "iplanet-am-auth-configuration-service", - "iplanet-am-managed-person", - "iPlanetPreferences", - "oathDeviceProfilesContainer", - "pushDeviceProfilesContainer", - "sunAMAuthAccountLockout", - "sunFMSAML2NameIdentifier", - "webauthnDeviceProfilesContainer", - "fr-idm-hybrid-obj", - "fr-ext-attrs", + "uidObject", + "fr-idm-managed-user", ], "properties": { - "_id": { - "ldapAttribute": "fr-idm-uuid", - "primaryKey": true, - "type": "simple", - }, "_meta": { "isMultiValued": false, "ldapAttribute": "fr-idm-managed-user-meta", "primaryKey": "uid", - "resourcePath": "managed/alpha_usermeta", + "resourcePath": "internal/usermeta", "type": "reference", }, "_notifications": { @@ -263557,26 +256955,19 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "resourcePath": "internal/notification", "type": "reference", }, - "accountStatus": { - "ldapAttribute": "inetUserStatus", - "type": "simple", - }, "adminOfOrg": { "isMultiValued": true, "ldapAttribute": "fr-idm-managed-organization-admin", "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", + "resourcePath": "managed/organization", "type": "reference", }, - "aliasList": { - "isMultiValued": true, - "ldapAttribute": "iplanet-am-user-alias-list", - "type": "simple", - }, - "assignedDashboard": { + "assignments": { "isMultiValued": true, - "ldapAttribute": "assignedDashboard", - "type": "simple", + "ldapAttribute": "fr-idm-managed-assignment-member", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", }, "authzRoles": { "isMultiValued": true, @@ -263585,1058 +256976,445 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "resourcePath": "internal/role", "type": "reference", }, - "city": { - "ldapAttribute": "l", - "type": "simple", - }, - "cn": { - "ldapAttribute": "cn", - "type": "simple", - }, - "consentedMappings": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-consentedMapping", - "type": "json", - }, - "country": { - "ldapAttribute": "co", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "displayName": { - "ldapAttribute": "displayName", - "type": "simple", - }, - "effectiveAssignments": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveAssignment", - "type": "json", - }, - "effectiveGroups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveGroup", - "type": "json", - }, - "effectiveRoles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveRole", - "type": "json", - }, - "frIndexedDate1": { - "ldapAttribute": "fr-attr-idate1", - "type": "simple", - }, - "frIndexedDate2": { - "ldapAttribute": "fr-attr-idate2", - "type": "simple", - }, - "frIndexedDate3": { - "ldapAttribute": "fr-attr-idate3", - "type": "simple", - }, - "frIndexedDate4": { - "ldapAttribute": "fr-attr-idate4", - "type": "simple", - }, - "frIndexedDate5": { - "ldapAttribute": "fr-attr-idate5", - "type": "simple", - }, - "frIndexedInteger1": { - "ldapAttribute": "fr-attr-iint1", - "type": "simple", - }, - "frIndexedInteger2": { - "ldapAttribute": "fr-attr-iint2", - "type": "simple", - }, - "frIndexedInteger3": { - "ldapAttribute": "fr-attr-iint3", - "type": "simple", - }, - "frIndexedInteger4": { - "ldapAttribute": "fr-attr-iint4", - "type": "simple", - }, - "frIndexedInteger5": { - "ldapAttribute": "fr-attr-iint5", - "type": "simple", - }, - "frIndexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti1", - "type": "simple", - }, - "frIndexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti2", - "type": "simple", - }, - "frIndexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti3", - "type": "simple", - }, - "frIndexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti4", - "type": "simple", - }, - "frIndexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti5", - "type": "simple", - }, - "frIndexedString1": { - "ldapAttribute": "fr-attr-istr1", - "type": "simple", - }, - "frIndexedString2": { - "ldapAttribute": "fr-attr-istr2", - "type": "simple", - }, - "frIndexedString3": { - "ldapAttribute": "fr-attr-istr3", - "type": "simple", - }, - "frIndexedString4": { - "ldapAttribute": "fr-attr-istr4", - "type": "simple", - }, - "frIndexedString5": { - "ldapAttribute": "fr-attr-istr5", - "type": "simple", - }, - "frUnindexedDate1": { - "ldapAttribute": "fr-attr-date1", - "type": "simple", - }, - "frUnindexedDate2": { - "ldapAttribute": "fr-attr-date2", - "type": "simple", - }, - "frUnindexedDate3": { - "ldapAttribute": "fr-attr-date3", - "type": "simple", - }, - "frUnindexedDate4": { - "ldapAttribute": "fr-attr-date4", - "type": "simple", - }, - "frUnindexedDate5": { - "ldapAttribute": "fr-attr-date5", - "type": "simple", - }, - "frUnindexedInteger1": { - "ldapAttribute": "fr-attr-int1", - "type": "simple", - }, - "frUnindexedInteger2": { - "ldapAttribute": "fr-attr-int2", - "type": "simple", - }, - "frUnindexedInteger3": { - "ldapAttribute": "fr-attr-int3", - "type": "simple", - }, - "frUnindexedInteger4": { - "ldapAttribute": "fr-attr-int4", - "type": "simple", - }, - "frUnindexedInteger5": { - "ldapAttribute": "fr-attr-int5", - "type": "simple", - }, - "frUnindexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi1", - "type": "simple", - }, - "frUnindexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi2", - "type": "simple", - }, - "frUnindexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi3", - "type": "simple", - }, - "frUnindexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi4", - "type": "simple", - }, - "frUnindexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi5", - "type": "simple", - }, - "frUnindexedString1": { - "ldapAttribute": "fr-attr-str1", - "type": "simple", - }, - "frUnindexedString2": { - "ldapAttribute": "fr-attr-str2", - "type": "simple", - }, - "frUnindexedString3": { - "ldapAttribute": "fr-attr-str3", - "type": "simple", - }, - "frUnindexedString4": { - "ldapAttribute": "fr-attr-str4", - "type": "simple", - }, - "frUnindexedString5": { - "ldapAttribute": "fr-attr-str5", - "type": "simple", - }, - "givenName": { - "ldapAttribute": "givenName", - "type": "simple", - }, - "groups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-groups", - "primaryKey": "cn", - "resourcePath": "managed/alpha_group", - "type": "reference", - }, - "kbaInfo": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-kbaInfo", - "type": "json", - }, - "lastSync": { - "ldapAttribute": "fr-idm-lastSync", - "type": "json", - }, - "mail": { - "ldapAttribute": "mail", - "type": "simple", - }, "manager": { "isMultiValued": false, "ldapAttribute": "fr-idm-managed-user-manager", "primaryKey": "uid", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reference", }, "memberOfOrg": { "isMultiValued": true, "ldapAttribute": "fr-idm-managed-organization-member", "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", + "resourcePath": "managed/organization", "type": "reference", }, - "memberOfOrgIDs": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-memberoforgid", - "type": "simple", - }, "ownerOfOrg": { "isMultiValued": true, "ldapAttribute": "fr-idm-managed-organization-owner", "primaryKey": "uid", - "resourcePath": "managed/alpha_organization", + "resourcePath": "managed/organization", "type": "reference", }, - "password": { - "ldapAttribute": "userPassword", - "type": "simple", - }, - "postalAddress": { - "ldapAttribute": "street", - "type": "simple", - }, - "postalCode": { - "ldapAttribute": "postalCode", + "passwordExpirationTime": { + "ldapAttribute": "pwdExpirationTime", "type": "simple", + "writability": "readOnlyDiscardWrites", }, - "preferences": { - "ldapAttribute": "fr-idm-preferences", - "type": "json", - }, - "profileImage": { - "ldapAttribute": "labeledURI", + "passwordLastChangedTime": { + "ldapAttribute": "pwdChangedTime", "type": "simple", + "writability": "readOnlyDiscardWrites", }, "reports": { "isMultiValued": true, "propertyName": "manager", - "resourcePath": "managed/alpha_user", + "resourcePath": "managed/user", "type": "reverseReference", }, "roles": { "isMultiValued": true, "ldapAttribute": "fr-idm-managed-user-roles", "primaryKey": "uid", - "resourcePath": "managed/alpha_role", + "resourcePath": "managed/role", "type": "reference", }, - "sn": { - "ldapAttribute": "sn", - "type": "simple", - }, - "stateProvince": { - "ldapAttribute": "st", - "type": "simple", - }, - "telephoneNumber": { - "ldapAttribute": "telephoneNumber", - "type": "simple", - }, - "userName": { - "ldapAttribute": "uid", - "type": "simple", - }, }, }, - "managed/alpha_usermeta": { - "dnTemplate": "ou=usermeta,o=alpha,o=root,ou=identities", - "jsonAttribute": "fr-idm-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "reconprogressstate": { + "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + "relationships": { + "dnTemplate": "ou=relationships,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-relationship-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", "objectClasses": [ "uidObject", - "fr-idm-generic-obj", + "fr-idm-relationship", ], - "properties": { - "target": { - "propertyName": "_meta", - "resourcePath": "managed/alpha_user", - "type": "reverseReference", - }, - }, }, - "managed/bravo_group": { - "dnTemplate": "ou=groups,o=bravo,o=root,ou=identities", - "idGenerator": { - "propertyName": "name", - "type": "property", - }, - "jsonAttribute": "fr-idm-managed-group-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "cn", - "type": "clientDnNaming", - }, - "nativeId": false, - "objectClasses": [ - "top", - "groupOfURLs", - "fr-idm-managed-group", - ], - "properties": { - "_id": { - "ldapAttribute": "cn", - "primaryKey": true, - "type": "simple", - "writability": "createOnly", - }, - "condition": { - "ldapAttribute": "fr-idm-managed-group-condition", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "members": { - "isMultiValued": true, - "propertyName": "groups", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - }, + "scheduler": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "managed/bravo_organization": { - "dnTemplate": "ou=organization,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-managed-organization-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-managed-organization", - "fr-ext-attrs", - ], - "properties": { - "_id": { - "ldapAttribute": "uid", - "type": "simple", - }, - "admins": { - "isMultiValued": true, - "propertyName": "adminOfOrg", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "children": { - "isMultiValued": true, - "propertyName": "parent", - "resourcePath": "managed/bravo_organization", - "type": "reverseReference", - }, - "members": { - "isMultiValued": true, - "propertyName": "memberOfOrg", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "name": { - "ldapAttribute": "fr-idm-managed-organization-name", - "type": "simple", - }, - "owners": { - "isMultiValued": true, - "propertyName": "ownerOfOrg", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "parent": { - "ldapAttribute": "fr-idm-managed-organization-parent", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", - }, - }, + "scheduler/*": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "managed/bravo_role": { - "dnTemplate": "ou=role,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-managed-role-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", - "objectClasses": [ - "uidObject", - "fr-idm-managed-role", - ], - "properties": { - "members": { - "isMultiValued": true, - "propertyName": "roles", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - }, + "ui/*": { + "dnTemplate": "ou=ui,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "managed/bravo_user": { - "dnTemplate": "ou=user,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-custom-attrs", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "namingStrategy": { - "dnAttribute": "fr-idm-uuid", - "type": "clientDnNaming", - }, - "nativeId": false, - "objectClasses": [ - "person", - "organizationalPerson", - "inetOrgPerson", - "iplanet-am-user-service", - "devicePrintProfilesContainer", - "deviceProfilesContainer", - "kbaInfoContainer", - "fr-idm-managed-user-explicit", - "forgerock-am-dashboard-service", - "inetuser", - "iplanet-am-auth-configuration-service", - "iplanet-am-managed-person", - "iPlanetPreferences", - "oathDeviceProfilesContainer", - "pushDeviceProfilesContainer", - "sunAMAuthAccountLockout", - "sunFMSAML2NameIdentifier", - "webauthnDeviceProfilesContainer", - "fr-idm-hybrid-obj", - "fr-ext-attrs", - ], - "properties": { - "_id": { - "ldapAttribute": "fr-idm-uuid", - "primaryKey": true, - "type": "simple", - }, - "_meta": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-meta", - "primaryKey": "uid", - "resourcePath": "managed/bravo_usermeta", - "type": "reference", - }, - "_notifications": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-notifications", - "primaryKey": "uid", - "resourcePath": "internal/notification", - "type": "reference", + "updates": { + "dnTemplate": "ou=updates,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + }, + }, + }, + "rest2LdapOptions": { + "mvccAttribute": "etag", + "readOnUpdatePolicy": "controls", + "returnNullForMissingProperties": true, + "useMvcc": true, + "usePermissiveModify": true, + "useSubtreeDelete": false, + }, + "security": { + "fileBasedTrustManagerFile": "&{idm.install.dir}/security/truststore", + "fileBasedTrustManagerPasswordFile": "&{idm.install.dir}/security/storepass", + "fileBasedTrustManagerType": "JKS", + "trustManager": "file", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/repo.init.idm.json 1`] = ` +{ + "idm": { + "repo.init": { + "_id": "repo.init", + "insert": { + "internal/role": [ + { + "description": "Administrative access", + "id": "openidm-admin", + "name": "openidm-admin", + }, + { + "description": "Basic minimum user", + "id": "openidm-authorized", + "name": "openidm-authorized", + }, + { + "description": "Anonymous access", + "id": "openidm-reg", + "name": "openidm-reg", + }, + { + "description": "Authenticated via certificate", + "id": "openidm-cert", + "name": "openidm-cert", + }, + { + "description": "Allowed to reassign workflow tasks", + "id": "openidm-tasks-manager", + "name": "openidm-tasks-manager", + }, + { + "description": "Platform provisioning access", + "id": "platform-provisioning", + "name": "platform-provisioning", + }, + ], + "internal/user": [ + { + "id": "openidm-admin", + "password": "&{openidm.admin.password}", + }, + { + "id": "anonymous", + "password": "anonymous", + }, + { + "id": "idm-provisioning", + }, + { + "id": "connector-server-client", + }, + ], + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/router.idm.json 1`] = ` +{ + "idm": { + "router": { + "_id": "router", + "filters": [ + { + "methods": [ + "create", + "update", + ], + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", + }, + "pattern": "^(managed|internal)($|(/.+))", + }, + { + "methods": [ + "update", + ], + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", + }, + "pattern": "^config/managed$", + }, + { + "condition": { + "source": "(context.caller.external === true) && (typeof context.privilege === 'undefined' || Object.keys(context.privilege.matchingPrivileges).length === 0)", + "type": "text/javascript", + }, + "onResponse": { + "source": "require('relationshipFilter').filterResponse()", + "type": "text/javascript", + }, + "pattern": "^(managed|internal)($|(/.+))", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/schedule/taskscan_activate.idm.json 1`] = ` +{ + "idm": { + "schedule/taskscan_activate": { + "_id": "schedule/taskscan_activate", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/activeDate le "\${Time.nowWithOffset}") AND (!(/inactiveDate pr) or /inactiveDate ge "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", + }, + "taskState": { + "completed": "/activateAccount/task-completed", + "started": "/activateAccount/task-started", + }, + }, + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "active" }]; + +logger.debug("Performing Activate Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", + }, + }, + "waitForCompletion": false, + }, + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/schedule/taskscan_expire.idm.json 1`] = ` +{ + "idm": { + "schedule/taskscan_expire": { + "_id": "schedule/taskscan_expire", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/inactiveDate lt "\${Time.nowWithOffset}") AND (!(/activeDate pr) or /activeDate le "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", + }, + "taskState": { + "completed": "/expireAccount/task-completed", + "started": "/expireAccount/task-started", + }, + }, + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "inactive" }]; + +logger.debug("Performing Expire Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", + }, + }, + "waitForCompletion": false, + }, + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/scheduler.idm.json 1`] = ` +{ + "idm": { + "scheduler": { + "_id": "scheduler", + "scheduler": { + "executePersistentSchedules": { + "$bool": "&{openidm.scheduler.execute.persistent.schedules}", + }, + }, + "threadPool": { + "threadCount": 10, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/script.idm.json 1`] = ` +{ + "idm": { + "script": { + "ECMAScript": { + "javascript.optimization.level": 9, + "javascript.recompile.minimumInterval": 60000, + }, + "Groovy": { + "#groovy.disabled.global.ast.transformations": "", + "#groovy.errors.tolerance": 10, + "#groovy.output.debug": false, + "#groovy.output.verbose": false, + "#groovy.script.base": "#any class extends groovy.lang.Script", + "#groovy.script.extension": ".groovy", + "#groovy.target.bytecode": "1.8", + "#groovy.target.directory": "&{idm.data.dir}/classes", + "#groovy.target.indy": true, + "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", + "groovy.classpath": "&{idm.install.dir}/lib", + "groovy.recompile": true, + "groovy.recompile.minimumInterval": 60000, + "groovy.source.encoding": "UTF-8", + }, + "_id": "script", + "properties": {}, + "sources": { + "default": { + "directory": "&{idm.install.dir}/bin/defaults/script", + }, + "install": { + "directory": "&{idm.install.dir}", + }, + "project": { + "directory": "&{idm.instance.dir}", + }, + "project-script": { + "directory": "&{idm.instance.dir}/script", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/secrets.idm.json 1`] = ` +{ + "idm": { + "secrets": { + "_id": "secrets", + "stores": [ + { + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", + "config": { + "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", + "mappings": [ + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.default", + "types": [ + "ENCRYPT", + "DECRYPT", + ], }, - "accountStatus": { - "ldapAttribute": "inetUserStatus", - "type": "simple", + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.config.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], }, - "adminOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-admin", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.password.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], }, - "aliasList": { - "isMultiValued": true, - "ldapAttribute": "iplanet-am-user-alias-list", - "type": "simple", + { + "aliases": [ + "&{openidm.https.keystore.cert.alias|openidm-localhost}", + ], + "secretId": "idm.jwt.session.module.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], }, - "assignedDashboard": { - "isMultiValued": true, - "ldapAttribute": "assignedDashboard", - "type": "simple", + { + "aliases": [ + "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", + ], + "secretId": "idm.jwt.session.module.signing", + "types": [ + "SIGN", + "VERIFY", + ], }, - "authzRoles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", - "primaryKey": "cn", - "resourcePath": "internal/role", - "type": "reference", + { + "aliases": [ + "selfservice", + ], + "secretId": "idm.selfservice.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], }, - "city": { - "ldapAttribute": "l", - "type": "simple", + { + "aliases": [ + "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", + ], + "secretId": "idm.selfservice.signing", + "types": [ + "SIGN", + "VERIFY", + ], }, - "cn": { - "ldapAttribute": "cn", - "type": "simple", - }, - "consentedMappings": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-consentedMapping", - "type": "json", - }, - "country": { - "ldapAttribute": "co", - "type": "simple", - }, - "description": { - "ldapAttribute": "description", - "type": "simple", - }, - "displayName": { - "ldapAttribute": "displayName", - "type": "simple", - }, - "effectiveAssignments": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveAssignment", - "type": "json", - }, - "effectiveGroups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveGroup", - "type": "json", - }, - "effectiveRoles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-effectiveRole", - "type": "json", - }, - "frIndexedDate1": { - "ldapAttribute": "fr-attr-idate1", - "type": "simple", - }, - "frIndexedDate2": { - "ldapAttribute": "fr-attr-idate2", - "type": "simple", - }, - "frIndexedDate3": { - "ldapAttribute": "fr-attr-idate3", - "type": "simple", - }, - "frIndexedDate4": { - "ldapAttribute": "fr-attr-idate4", - "type": "simple", - }, - "frIndexedDate5": { - "ldapAttribute": "fr-attr-idate5", - "type": "simple", - }, - "frIndexedInteger1": { - "ldapAttribute": "fr-attr-iint1", - "type": "simple", - }, - "frIndexedInteger2": { - "ldapAttribute": "fr-attr-iint2", - "type": "simple", - }, - "frIndexedInteger3": { - "ldapAttribute": "fr-attr-iint3", - "type": "simple", - }, - "frIndexedInteger4": { - "ldapAttribute": "fr-attr-iint4", - "type": "simple", - }, - "frIndexedInteger5": { - "ldapAttribute": "fr-attr-iint5", - "type": "simple", - }, - "frIndexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti1", - "type": "simple", - }, - "frIndexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti2", - "type": "simple", - }, - "frIndexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti3", - "type": "simple", - }, - "frIndexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti4", - "type": "simple", - }, - "frIndexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-imulti5", - "type": "simple", - }, - "frIndexedString1": { - "ldapAttribute": "fr-attr-istr1", - "type": "simple", - }, - "frIndexedString2": { - "ldapAttribute": "fr-attr-istr2", - "type": "simple", - }, - "frIndexedString3": { - "ldapAttribute": "fr-attr-istr3", - "type": "simple", - }, - "frIndexedString4": { - "ldapAttribute": "fr-attr-istr4", - "type": "simple", - }, - "frIndexedString5": { - "ldapAttribute": "fr-attr-istr5", - "type": "simple", - }, - "frUnindexedDate1": { - "ldapAttribute": "fr-attr-date1", - "type": "simple", - }, - "frUnindexedDate2": { - "ldapAttribute": "fr-attr-date2", - "type": "simple", - }, - "frUnindexedDate3": { - "ldapAttribute": "fr-attr-date3", - "type": "simple", - }, - "frUnindexedDate4": { - "ldapAttribute": "fr-attr-date4", - "type": "simple", - }, - "frUnindexedDate5": { - "ldapAttribute": "fr-attr-date5", - "type": "simple", - }, - "frUnindexedInteger1": { - "ldapAttribute": "fr-attr-int1", - "type": "simple", - }, - "frUnindexedInteger2": { - "ldapAttribute": "fr-attr-int2", - "type": "simple", - }, - "frUnindexedInteger3": { - "ldapAttribute": "fr-attr-int3", - "type": "simple", - }, - "frUnindexedInteger4": { - "ldapAttribute": "fr-attr-int4", - "type": "simple", - }, - "frUnindexedInteger5": { - "ldapAttribute": "fr-attr-int5", - "type": "simple", - }, - "frUnindexedMultivalued1": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi1", - "type": "simple", - }, - "frUnindexedMultivalued2": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi2", - "type": "simple", - }, - "frUnindexedMultivalued3": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi3", - "type": "simple", - }, - "frUnindexedMultivalued4": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi4", - "type": "simple", - }, - "frUnindexedMultivalued5": { - "isMultiValued": true, - "ldapAttribute": "fr-attr-multi5", - "type": "simple", - }, - "frUnindexedString1": { - "ldapAttribute": "fr-attr-str1", - "type": "simple", - }, - "frUnindexedString2": { - "ldapAttribute": "fr-attr-str2", - "type": "simple", - }, - "frUnindexedString3": { - "ldapAttribute": "fr-attr-str3", - "type": "simple", - }, - "frUnindexedString4": { - "ldapAttribute": "fr-attr-str4", - "type": "simple", - }, - "frUnindexedString5": { - "ldapAttribute": "fr-attr-str5", - "type": "simple", - }, - "givenName": { - "ldapAttribute": "givenName", - "type": "simple", - }, - "groups": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-groups", - "primaryKey": "cn", - "resourcePath": "managed/bravo_group", - "type": "reference", - }, - "kbaInfo": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-kbaInfo", - "type": "json", - }, - "lastSync": { - "ldapAttribute": "fr-idm-lastSync", - "type": "json", - }, - "mail": { - "ldapAttribute": "mail", - "type": "simple", - }, - "manager": { - "isMultiValued": false, - "ldapAttribute": "fr-idm-managed-user-manager", - "primaryKey": "uid", - "resourcePath": "managed/bravo_user", - "type": "reference", - }, - "memberOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-member", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", - }, - "memberOfOrgIDs": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-memberoforgid", - "type": "simple", - }, - "ownerOfOrg": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-organization-owner", - "primaryKey": "uid", - "resourcePath": "managed/bravo_organization", - "type": "reference", - }, - "password": { - "ldapAttribute": "userPassword", - "type": "simple", - }, - "postalAddress": { - "ldapAttribute": "street", - "type": "simple", - }, - "postalCode": { - "ldapAttribute": "postalCode", - "type": "simple", - }, - "preferences": { - "ldapAttribute": "fr-idm-preferences", - "type": "json", - }, - "profileImage": { - "ldapAttribute": "labeledURI", - "type": "simple", - }, - "reports": { - "isMultiValued": true, - "propertyName": "manager", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - "roles": { - "isMultiValued": true, - "ldapAttribute": "fr-idm-managed-user-roles", - "primaryKey": "uid", - "resourcePath": "managed/bravo_role", - "type": "reference", - }, - "sn": { - "ldapAttribute": "sn", - "type": "simple", - }, - "stateProvince": { - "ldapAttribute": "st", - "type": "simple", - }, - "telephoneNumber": { - "ldapAttribute": "telephoneNumber", - "type": "simple", - }, - "userName": { - "ldapAttribute": "uid", - "type": "simple", - }, - }, - }, - "managed/bravo_usermeta": { - "dnTemplate": "ou=usermeta,o=bravo,o=root,ou=identities", - "jsonAttribute": "fr-idm-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-generic-obj", - ], - "properties": { - "target": { - "propertyName": "_meta", - "resourcePath": "managed/bravo_user", - "type": "reverseReference", - }, - }, - }, - "managed/teammembermeta": { - "dnTemplate": "ou=teammembermeta,o=root,ou=identities", - "jsonAttribute": "fr-idm-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", - "objectClasses": [ - "uidObject", - "fr-idm-generic-obj", - ], - "properties": { - "target": { - "propertyName": "_meta", - "resourcePath": "managed/teammember", - "type": "reverseReference", - }, - }, - }, - "reconprogressstate": { - "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=example,dc=com", - }, - "relationships": { - "dnTemplate": "ou=relationships,dc=openidm,dc=example,dc=com", - "jsonAttribute": "fr-idm-relationship-json", - "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", - "objectClasses": [ - "uidObject", - "fr-idm-relationship", - ], - }, - "scheduler": { - "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", - }, - "scheduler/*": { - "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", - }, - "ui/*": { - "dnTemplate": "ou=ui,dc=openidm,dc=example,dc=com", - }, - "updates": { - "dnTemplate": "ou=updates,dc=openidm,dc=example,dc=com", - }, - }, - }, - "rest2LdapOptions": { - "mvccAttribute": "etag", - "readOnUpdatePolicy": "controls", - "returnNullForMissingProperties": true, - "useMvcc": true, - "usePermissiveModify": true, - "useSubtreeDelete": true, - }, - "security": { - "keyManager": "jvm", - "trustManager": "jvm", - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/router.idm.json 1`] = ` -{ - "idm": { - "router": { - "_id": "router", - "filters": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/script.idm.json 1`] = ` -{ - "idm": { - "script": { - "ECMAScript": { - "#javascript.debug": "&{openidm.script.javascript.debug}", - "javascript.recompile.minimumInterval": 60000, - }, - "Groovy": { - "#groovy.disabled.global.ast.transformations": "", - "#groovy.errors.tolerance": 10, - "#groovy.output.debug": false, - "#groovy.output.verbose": false, - "#groovy.script.base": "#any class extends groovy.lang.Script", - "#groovy.script.extension": ".groovy", - "#groovy.source.encoding": "utf-8 #default US-ASCII", - "#groovy.target.bytecode": "1.5", - "#groovy.target.indy": true, - "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", - "groovy.classpath": "&{idm.install.dir}/lib", - "groovy.recompile": true, - "groovy.recompile.minimumInterval": 60000, - "groovy.source.encoding": "UTF-8", - "groovy.target.directory": "&{idm.install.dir}/classes", - }, - "_id": "script", - "properties": {}, - "sources": { - "default": { - "directory": "&{idm.install.dir}/bin/defaults/script", - }, - "install": { - "directory": "&{idm.install.dir}", - }, - "project": { - "directory": "&{idm.instance.dir}", - }, - "project-script": { - "directory": "&{idm.instance.dir}/script", - }, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/secrets.idm.json 1`] = ` -{ - "idm": { - "secrets": { - "_id": "secrets", - "populateDefaults": true, - "stores": [ - { - "class": "org.forgerock.openidm.secrets.config.FileBasedStore", - "config": { - "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", - "mappings": [ - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - "openidm-localhost", - ], - "secretId": "idm.default", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - ], - "secretId": "idm.config.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - ], - "secretId": "idm.password.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.https.keystore.cert.alias|openidm-localhost}", - ], - "secretId": "idm.jwt.session.module.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", - ], - "secretId": "idm.jwt.session.module.signing", - "types": [ - "SIGN", - "VERIFY", - ], - }, - { - "aliases": [ - "selfservice", - ], - "secretId": "idm.selfservice.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", - ], - "secretId": "idm.selfservice.signing", - "types": [ - "SIGN", - "VERIFY", - ], - }, - { - "aliases": [ - "&{openidm.config.crypto.alias|openidm-sym-default}", - ], - "secretId": "idm.assignment.attribute.encryption", - "types": [ - "ENCRYPT", - "DECRYPT", - ], + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.assignment.attribute.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], }, ], "providerName": "&{openidm.keystore.provider|SunJCE}", @@ -264646,7 +257424,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "name": "mainKeyStore", }, { - "class": "org.forgerock.openidm.secrets.config.FileBasedStore", + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", "config": { "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", "mappings": [], @@ -264663,17 +257441,22 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.kba.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/selfservice.kba.idm.json 1`] = ` { "idm": { "selfservice.kba": { "_id": "selfservice.kba", "kbaPropertyName": "kbaInfo", - "minimumAnswersToDefine": 1, + "minimumAnswersToDefine": 2, "minimumAnswersToVerify": 1, "questions": { "1": { "en": "What's your favorite color?", + "en_GB": "What is your favourite colour?", + "fr": "Quelle est votre couleur préférée?", + }, + "2": { + "en": "Who was your first employer?", }, }, }, @@ -264682,7 +257465,66 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.terms.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/selfservice.propertymap.idm.json 1`] = ` +{ + "idm": { + "selfservice.propertymap": { + "_id": "selfservice.propertymap", + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "familyName", + "target": "sn", + }, + { + "source": "email", + "target": "mail", + }, + { + "condition": "/object/postalAddress pr", + "source": "postalAddress", + "target": "postalAddress", + }, + { + "condition": "/object/addressLocality pr", + "source": "addressLocality", + "target": "city", + }, + { + "condition": "/object/addressRegion pr", + "source": "addressRegion", + "target": "stateProvince", + }, + { + "condition": "/object/postalCode pr", + "source": "postalCode", + "target": "postalCode", + }, + { + "condition": "/object/country pr", + "source": "country", + "target": "country", + }, + { + "condition": "/object/phone pr", + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "username", + "target": "userName", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/selfservice.terms.idm.json 1`] = ` { "idm": { "selfservice.terms": { @@ -264708,18 +257550,18 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/cors.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/servletfilter/cors.idm.json 1`] = ` { "idm": { "servletfilter/cors": { "_id": "servletfilter/cors", + "filterClass": "org.eclipse.jetty.ee10.servlets.CrossOriginFilter", "initParams": { - "allowCredentials": false, - "allowedHeaders": "authorization,accept,content-type,origin,x-requested-with,cache-control,accept-api-version,if-match,if-none-match", + "allowCredentials": true, + "allowedHeaders": "accept,x-openidm-password,x-openidm-nosession,x-openidm-username,content-type,origin,x-requested-with", "allowedMethods": "GET,POST,PUT,DELETE,PATCH", - "allowedOrigins": "*", + "allowedOrigins": "https://localhost:&{openidm.port.https}", "chainPreflight": false, - "exposedHeaders": "WWW-Authenticate", }, "urlPatterns": [ "/*", @@ -264730,11 +257572,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/payload.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/servletfilter/payload.idm.json 1`] = ` { "idm": { "servletfilter/payload": { "_id": "servletfilter/payload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", "initParams": { "maxRequestSizeInMegabytes": 5, }, @@ -264747,11 +257590,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/upload.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/servletfilter/upload.idm.json 1`] = ` { "idm": { "servletfilter/upload": { "_id": "servletfilter/upload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", "initParams": { "maxRequestSizeInMegabytes": 50, }, @@ -264764,11 +257608,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/admin.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/admin.idm.json 1`] = ` { "idm": { "ui.context/admin": { "_id": "ui.context/admin", + "cacheEnabled": true, "defaultDir": "&{idm.install.dir}/ui/admin/default", "enabled": true, "extensionDir": "&{idm.install.dir}/ui/admin/extension", @@ -264782,7 +257627,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/api.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/api.idm.json 1`] = ` { "idm": { "ui.context/api": { @@ -264799,11 +257644,12 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/enduser.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/enduser.idm.json 1`] = ` { "idm": { "ui.context/enduser": { "_id": "ui.context/enduser", + "cacheEnabled": true, "defaultDir": "&{idm.install.dir}/ui/enduser", "enabled": true, "responseHeaders": { @@ -264816,7 +257662,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/oauth.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui.context/oauth.idm.json 1`] = ` { "idm": { "ui.context/oauth": { @@ -264832,7 +257678,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/configuration.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/configuration.idm.json 1`] = ` { "idm": { "ui/configuration": { @@ -264855,19 +257701,13 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "name": "common.notification.types.warning", }, }, - "passwordReset": true, + "passwordReset": false, "passwordResetLink": "", - "platformSettings": { - "adminOauthClient": "idmAdminClient", - "adminOauthClientScopes": "fr:idm:*", - "amUrl": "/am", - "loginUrl": "", - }, "roles": { "internal/role/openidm-admin": "ui-admin", "internal/role/openidm-authorized": "ui-user", }, - "selfRegistration": true, + "selfRegistration": false, }, }, }, @@ -264875,7 +257715,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/dashboard.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/dashboard.idm.json 1`] = ` { "idm": { "ui/dashboard": { @@ -264887,16 +257727,6 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "widgets": [ { "cards": [ - { - "href": "#resource/managed/alpha_user/list/", - "icon": "fa-user", - "name": "Manage Users", - }, - { - "href": "#resource/managed/alpha_role/list/", - "icon": "fa-check-square-o", - "name": "Manage Roles", - }, { "href": "#connectors/add/", "icon": "fa-database", @@ -264907,11 +257737,31 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "icon": "fa-map-marker", "name": "Create Mapping", }, + { + "href": "#resource/managed/role/list/", + "icon": "fa-check-square-o", + "name": "Manage Roles", + }, { "href": "#managed/add/", "icon": "fa-tablet", "name": "Add Device", }, + { + "href": "#selfservice/userregistration/", + "icon": "fa-gear", + "name": "Configure Registration", + }, + { + "href": "#selfservice/passwordreset/", + "icon": "fa-gear", + "name": "Configure Password Reset", + }, + { + "href": "#resource/managed/user/list/", + "icon": "fa-user", + "name": "Manage Users", + }, { "href": "#settings/", "icon": "fa-user", @@ -265042,6 +257892,16 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou }, ], }, + { + "isDefault": false, + "name": "seantestdashboard", + "widgets": [ + { + "size": "large", + "type": "resourceList", + }, + ], + }, ], "dashboard": { "widgets": [ @@ -265057,7 +257917,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/profile.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/profile.idm.json 1`] = ` { "idm": { "ui/profile": { @@ -265106,7 +257966,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/themeconfig.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/ui/themeconfig.idm.json 1`] = ` { "idm": { "ui/themeconfig": { @@ -265115,19 +257975,19 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou "path": "", "settings": { "footer": { - "mailto": "info@forgerock.com", + "mailto": "info@pingidentity.com", }, "loginLogo": { - "alt": "ForgeRock", - "height": "104px", + "alt": "Ping Identity", + "height": "120px", "src": "images/login-logo-dark.png", - "title": "ForgeRock", - "width": "210px", + "title": "Ping Identity", + "width": "120px", }, "logo": { - "alt": "ForgeRock", + "alt": "Ping Identity", "src": "images/logo-horizontal-white.png", - "title": "ForgeRock", + "title": "Ping Identity", }, }, "stylesheets": [ @@ -265141,50 +258001,36 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/uilocale/fr.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.idm.json 1`] = ` { "idm": { - "uilocale/fr": { - "_id": "uilocale/fr", - "admin": { - "overrides": { - "AppLogoURI": "URI du logo de l’application", - "EmailAddress": "Adresse e-mail", - "Name": "Nom", - "Owners": "Les propriétaires", - }, - "sideMenu": { - "securityQuestions": "Questions de sécurité", - }, + "webserver": { + "_id": "webserver", + "gzip": { + "enabled": true, + "includedMethods": [ + "GET", + ], }, - "enduser": { - "overrides": { - "FirstName": "Prénom", - "LastName": "Nom de famille", - }, - "pages": { - "dashboard": { - "widgets": { - "welcome": { - "greeting": "Bonjour", - }, - }, - }, - }, + "maxThreads": { + "$int": "&{openidm.webserver.max.threads|&{org.ops4j.pax.web.server.maxThreads|200}}", }, - "login": { - "login": { - "next": "Suivant", - }, - "overrides": { - "Password": "Mot de passe", - "UserName": "Nom d'utilisateur", - }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.listener/http.idm.json 1`] = ` +{ + "idm": { + "webserver.listener/http": { + "_id": "webserver.listener/http", + "enabled": { + "$bool": "&{openidm.http.enabled|true}", }, - "shared": { - "sideMenu": { - "dashboard": "Tableau de bord", - }, + "port": { + "$int": "&{openidm.port.http|8080}", }, }, }, @@ -265192,84 +258038,46 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/undefined.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.listener/https.idm.json 1`] = ` { "idm": { - "undefined": { - "_id": "undefined", - "mapping": { - "mapping/managedBravo_user_managedBravo_user0": { - "_id": "mapping/managedBravo_user_managedBravo_user0", - "consentRequired": false, - "displayName": "managedBravo_user_managedBravo_user0", - "icon": null, - "name": "managedBravo_user_managedBravo_user0", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [], - "source": "managed/bravo_user", - "target": "managed/bravo_user", - }, + "webserver.listener/https": { + "_id": "webserver.listener/https", + "enabled": { + "$bool": "&{openidm.https.enabled|true}", + }, + "port": { + "$int": "&{openidm.port.https|8443}", }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-admin.internalRole.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/idm/webserver.listener/mutualAuth.idm.json 1`] = ` +{ + "idm": { + "webserver.listener/mutualAuth": { + "_id": "webserver.listener/mutualAuth", + "enabled": { + "$bool": "&{openidm.mutualauth.enabled|true}", + }, + "mutualAuth": true, + "port": { + "$int": "&{openidm.port.mutualauth|8444}", + }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-admin.internalRole.json 1`] = ` { "internalRole": { "openidm-admin": { @@ -265285,7 +258093,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-authorized.internalRole.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-authorized.internalRole.json 1`] = ` { "internalRole": { "openidm-authorized": { @@ -265301,7 +258109,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-cert.internalRole.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-cert.internalRole.json 1`] = ` { "internalRole": { "openidm-cert": { @@ -265317,7 +258125,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-reg.internalRole.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-reg.internalRole.json 1`] = ` { "internalRole": { "openidm-reg": { @@ -265333,7 +258141,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-tasks-manager.internalRole.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/openidm-tasks-manager.internalRole.json 1`] = ` { "internalRole": { "openidm-tasks-manager": { @@ -265349,7 +258157,7 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/platform-provisioning.internalRole.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/internalRole/platform-provisioning.internalRole.json 1`] = ` { "internalRole": { "platform-provisioning": { @@ -265365,333 +258173,224 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/test-internal-role.internalRole.json 1`] = ` +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/managedOrganization_managedRole.sync.json 1`] = ` { - "internalRole": { - "ccb11ba1-333b-4197-95db-89bb08a2ab56": { - "_id": "ccb11ba1-333b-4197-95db-89bb08a2ab56", - "condition": "/description co "somerandomstring"", - "description": "A test internal role", - "name": "test-internal-role", - "privileges": [ - { - "accessFlags": [ - { - "attribute": "userName", - "readOnly": false, - }, - { - "attribute": "givenName", - "readOnly": false, - }, - { - "attribute": "cn", - "readOnly": false, - }, - { - "attribute": "sn", - "readOnly": false, - }, - { - "attribute": "mail", - "readOnly": false, - }, - { - "attribute": "profileImage", - "readOnly": true, - }, - { - "attribute": "description", - "readOnly": false, - }, - { - "attribute": "accountStatus", - "readOnly": true, - }, - { - "attribute": "telephoneNumber", - "readOnly": true, - }, - { - "attribute": "postalAddress", - "readOnly": true, - }, - { - "attribute": "city", - "readOnly": true, - }, - { - "attribute": "postalCode", - "readOnly": true, - }, - { - "attribute": "country", - "readOnly": true, - }, - { - "attribute": "stateProvince", - "readOnly": true, - }, - { - "attribute": "roles", - "readOnly": true, - }, - { - "attribute": "assignments", - "readOnly": true, - }, - { - "attribute": "groups", - "readOnly": true, - }, - { - "attribute": "applications", - "readOnly": true, - }, - { - "attribute": "manager", - "readOnly": true, - }, - { - "attribute": "authzRoles", - "readOnly": true, - }, - { - "attribute": "reports", - "readOnly": true, - }, - { - "attribute": "effectiveRoles", - "readOnly": true, - }, - { - "attribute": "effectiveAssignments", - "readOnly": true, - }, - { - "attribute": "effectiveGroups", - "readOnly": true, - }, - { - "attribute": "effectiveApplications", - "readOnly": true, - }, - { - "attribute": "lastSync", - "readOnly": true, - }, - { - "attribute": "kbaInfo", - "readOnly": true, - }, - { - "attribute": "preferences", - "readOnly": true, - }, - { - "attribute": "consentedMappings", - "readOnly": true, - }, - { - "attribute": "ownerOfOrg", - "readOnly": true, - }, - { - "attribute": "adminOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrg", - "readOnly": true, - }, - { - "attribute": "memberOfOrgIDs", - "readOnly": true, - }, - { - "attribute": "ownerOfApp", - "readOnly": true, - }, - { - "attribute": "frIndexedString1", - "readOnly": true, - }, - { - "attribute": "frIndexedString2", - "readOnly": true, - }, - { - "attribute": "frIndexedString3", - "readOnly": true, - }, - { - "attribute": "frIndexedString4", - "readOnly": true, - }, - { - "attribute": "frIndexedString5", - "readOnly": true, - }, - { - "attribute": "frUnindexedString1", - "readOnly": true, - }, - { - "attribute": "frUnindexedString2", - "readOnly": true, - }, - { - "attribute": "frUnindexedString3", - "readOnly": true, - }, - { - "attribute": "frUnindexedString4", - "readOnly": true, - }, - { - "attribute": "frUnindexedString5", - "readOnly": true, - }, - { - "attribute": "frIndexedMultivalued1", - "readOnly": true, - }, - { - "attribute": "frIndexedMultivalued2", - "readOnly": true, - }, - { - "attribute": "frIndexedMultivalued3", - "readOnly": true, - }, - { - "attribute": "frIndexedMultivalued4", - "readOnly": true, - }, - { - "attribute": "frIndexedMultivalued5", - "readOnly": true, - }, - { - "attribute": "frUnindexedMultivalued1", - "readOnly": true, - }, - { - "attribute": "frUnindexedMultivalued2", - "readOnly": true, - }, - { - "attribute": "frUnindexedMultivalued3", - "readOnly": true, - }, - { - "attribute": "frUnindexedMultivalued4", - "readOnly": true, - }, - { - "attribute": "frUnindexedMultivalued5", - "readOnly": true, - }, - { - "attribute": "frIndexedDate1", - "readOnly": true, - }, - { - "attribute": "frIndexedDate2", - "readOnly": true, - }, - { - "attribute": "frIndexedDate3", - "readOnly": true, - }, - { - "attribute": "frIndexedDate4", - "readOnly": true, - }, - { - "attribute": "frIndexedDate5", - "readOnly": true, - }, - { - "attribute": "frUnindexedDate1", - "readOnly": true, - }, - { - "attribute": "frUnindexedDate2", - "readOnly": true, - }, - { - "attribute": "frUnindexedDate3", - "readOnly": true, - }, - { - "attribute": "frUnindexedDate4", - "readOnly": true, - }, - { - "attribute": "frUnindexedDate5", - "readOnly": true, - }, - { - "attribute": "frIndexedInteger1", - "readOnly": true, - }, - { - "attribute": "frIndexedInteger2", - "readOnly": true, - }, - { - "attribute": "frIndexedInteger3", - "readOnly": true, - }, - { - "attribute": "frIndexedInteger4", - "readOnly": true, - }, - { - "attribute": "frIndexedInteger5", - "readOnly": true, - }, - { - "attribute": "frUnindexedInteger1", - "readOnly": true, - }, - { - "attribute": "frUnindexedInteger2", - "readOnly": true, - }, - { - "attribute": "frUnindexedInteger3", - "readOnly": true, - }, - { - "attribute": "frUnindexedInteger4", - "readOnly": true, - }, - { - "attribute": "frUnindexedInteger5", - "readOnly": true, - }, - { - "attribute": "assignedDashboard", - "readOnly": true, - }, - ], - "actions": [], - "filter": "/userName co "test"", - "name": "Alpha realm - Users", - "path": "managed/alpha_user", - "permissions": [ - "VIEW", - "UPDATE", - "CREATE", - ], - }, - ], - "temporalConstraints": [ - { - "duration": "2024-11-04T12:45:00.000Z/2100-12-01T12:45:00.000Z", - }, + "_id": "sync/managedOrganization_managedRole", + "consentRequired": false, + "displayName": "managedOrganization_managedRole", + "icon": null, + "name": "managedOrganization_managedRole", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/organization", + "syncAfter": [], + "target": "managed/role", +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/managedSeantestmanagedobject_managedUser.sync.json 1`] = ` +{ + "_id": "sync/managedSeantestmanagedobject_managedUser", + "consentRequired": false, + "displayName": "managedSeantestmanagedobject_managedUser", + "icon": null, + "name": "managedSeantestmanagedobject_managedUser", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/seantestmanagedobject", + "syncAfter": [ + "managedOrganization_managedRole", + "seantestmapping", + ], + "target": "managed/user", +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/seantestmapping.sync.json 1`] = ` +{ + "_id": "sync/seantestmapping", + "consentRequired": false, + "displayName": "seantestmapping", + "icon": null, + "name": "seantestmapping", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/assignment", + "syncAfter": [ + "managedOrganization_managedRole", + ], + "target": "managed/organization", +} +`; + +exports[`frodo config export "frodo config export -AD exportAllTestDir13 -m idm": should export all IDM config to the directory with separate mappings: exportAllTestDir13/global/sync/sync.idm.json 1`] = ` +{ + "idm": { + "sync": { + "_id": "sync", + "mappings": [ + "file://managedOrganization_managedRole.sync.json", + "file://seantestmapping.sync.json", + "file://managedSeantestmanagedobject_managedUser.sync.json", ], }, }, @@ -265699,640 +258398,1783 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_assignment_managedBravo_assignment.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate 1`] = `""`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoEmailVerification.emailTemplate.json 1`] = ` { - "mapping": { - "mapping/managedAlpha_assignment_managedBravo_assignment": { - "_id": "mapping/managedAlpha_assignment_managedBravo_assignment", - "consentRequired": false, - "displayName": "managedAlpha_assignment_managedBravo_assignment", - "icon": null, - "name": "managedAlpha_assignment_managedBravo_assignment", - "policies": [ + "emailTemplate": { + "baselineDemoEmailVerification": { + "_id": "emailTemplate/baselineDemoEmailVerification", + "defaultLocale": "en", + "displayName": "Baseline Demo Email Verification", + "enabled": true, + "from": "security@example.com", + "html": { + "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verification for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "message": { + "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verfication for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #f6f6f6; + color: #455469; + padding: 60px; + text-align: center +} + a { + text-decoration: none; + color: #109cf1; +} + h1 { + font-size: 40px; + text-align: center; +} + h2 { + font-size: 36px; +} + h3 { + font-size: 32px; +} + h4 { + font-size: 28px; +} + h5 { + font-size: 24px; +} + h6 { + font-size: 20px; +} + .content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 600px +} + .button { + background-color: #109cf1; + border: none; + color: white; + padding: 15px 32px; + text-align: center; + text-decoration: none; + display: inline-block; + font-size: 16px; +} + ", + "subject": { + "en": "Please verify your email address", + }, + "templateId": "baselineDemoEmailVerification", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/baselineDemoMagicLink.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "baselineDemoMagicLink": { + "_id": "emailTemplate/baselineDemoMagicLink", + "defaultLocale": "en", + "displayName": "Baseline Demo Magic Link", + "enabled": true, + "from": "security@example.com", + "html": { + "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "message": { + "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #f6f6f6; + color: #455469; + padding: 60px; + text-align: center +} + a { + text-decoration: none; + color: #109cf1; +} + h1 { + font-size: 40px; + text-align: center; +} + h2 { + font-size: 36px; +} + h3 { + font-size: 32px; +} + h4 { + font-size: 28px; +} + h5 { + font-size: 24px; +} + h6 { + font-size: 20px; +} + .content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 600px +} + .button { + background-color: #109cf1; + border: none; + color: white; + padding: 15px 32px; + text-align: center; + text-decoration: none; + display: inline-block; + font-size: 16px; +} + ", + "subject": { + "en": "Your sign-in link", + }, + "templateId": "baselineDemoMagicLink", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/forgottenUsername.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "forgottenUsername": { + "_id": "emailTemplate/forgottenUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", + }, + "message": { + "en": "

{{#if object.userName}}Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "
{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Account Information - username", + "fr": "Informations sur le compte - nom d'utilisateur", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frEmailUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frEmailUpdated": { + "_id": "emailTemplate/frEmailUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account email has changed

Your ForgeRock Identity Cloud email has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your email has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frForgotUsername.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frForgotUsername": { + "_id": "emailTemplate/frForgotUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Forgot your username?

Your username is {{ object.userName }}.

Sign In to Your Account

If you didn't request this, please ignore this email.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Forgot Username", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frOnboarding.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frOnboarding": { + "_id": "emailTemplate/frOnboarding", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account is ready

Your ForgeRock Identity Cloud account is ready. Click the button below to complete registration and access your environment.

Complete Registration

If you did not request this account, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Complete your ForgeRock Identity Cloud registration", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frPasswordUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frPasswordUpdated": { + "_id": "emailTemplate/frPasswordUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account password has changed

Your ForgeRock Identity Cloud password has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your password has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frProfileUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frProfileUpdated": { + "_id": "emailTemplate/frProfileUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account profile has changed

Your ForgeRock Identity Cloud profile has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your profile has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frResetPassword.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frResetPassword": { + "_id": "emailTemplate/frResetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Reset your password

It seems you have forgotten the password for your ForgeRock Identity Cloud account. Click the button below to reset your password and access your environment.

Reset Password

If you did not request to reset your password, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/frUsernameUpdated.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "frUsernameUpdated": { + "_id": "emailTemplate/frUsernameUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
ForgeRock Logo

Your account username has changed

Your ForgeRock Identity Cloud username has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
", + }, + "mimeType": "text/html", + "subject": { + "en": "Your username has been updated", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/idv.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "idv": { + "_id": "emailTemplate/idv", + "defaultLocale": "en", + "description": "Identity Verification Invitation", + "displayName": "idv", + "enabled": true, + "from": "", + "html": { + "en": "

Click the link below to verify your identity:

Verify my identity now

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "message": { + "en": "

Click the link below to verify your identity:

Verify my identity now

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "mimeType": "text/html", + "name": "registration", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "You have been invited to verify your identity", + "fr": "Créer un nouveau compte", + }, + "templateId": "idv", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/joiner.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "joiner": { + "_id": "emailTemplate/joiner", + "advancedEditor": true, + "defaultLocale": "en", + "description": "This email will be sent onCreate of user to the external eMail address provided during creation. An OTP will also be sent to Telephone Number provided during creation to validate the user. The user will then be able to set their password and ForgeRock Push Authenticator", + "displayName": "Joiner", + "enabled": true, + "from": ""Encore HR" ", + "html": { + "en": "", + }, + "message": { + "en": " + + +
+

+ +

+

Welcome to Encore {{object.givenName}} {{object.sn}}

+

Please click on the link below to validate your phone number with a One Time Code that will be sent via SMS or called to you depending on your phone type.

+

You will see your UserName and have the ability to set your password that will be used to login to Encore resources.

+

As we believe in enhanced security, you will also be setting up a Push Notification for future use.

+ Click to Join Encore +
+ +", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #324054; + color: #455469; + padding: 60px; + text-align: center +} + a { + text-decoration: none; + color: #109cf1; +} + .content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 235px +} + ", + "subject": { + "en": "Welcome to Encore!", + }, + "templateId": "joiner", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registerPasswordlessDevice.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "registerPasswordlessDevice": { + "_id": "emailTemplate/registerPasswordlessDevice", + "defaultLocale": "en", + "description": "", + "displayName": "Register Passwordless Device", + "enabled": true, + "from": ""ForgeRock Identity Cloud" ", + "html": { + "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "message": { + "en": "

Welcome back

alt text


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

", + }, + "mimeType": "text/html", + "styles": "body { + background-color: #324054; + color: #455469; + padding: 60px; + text-align: center +} + +a { + text-decoration: none; + color: #109cf1; +} + +.content { + background-color: #fff; + border-radius: 4px; + margin: 0 auto; + padding: 48px; + width: 235px +} +", + "subject": { + "en": "Your magic link is here - register new WebAuthN device", + }, + "templateId": "registerPasswordlessDevice", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/registration.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "registration": { + "_id": "emailTemplate/registration", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "message": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Register new account", + "fr": "Créer un nouveau compte", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/resetPassword.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "resetPassword": { + "_id": "emailTemplate/resetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Click to reset your password

Password reset link

", + "fr": "

Cliquez pour réinitialiser votre mot de passe

Mot de passe lien de réinitialisation

", + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password", + "fr": "Réinitialisez votre mot de passe", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/updatePassword.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "updatePassword": { + "_id": "emailTemplate/updatePassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "

Verify email to update password

Update password link

", + }, + "message": { + "en": "

Verify email to update password

Update password link

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Update your password", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/emailTemplate/welcome.emailTemplate.json 1`] = ` +{ + "emailTemplate": { + "welcome": { + "_id": "emailTemplate/welcome", + "defaultLocale": "en", + "displayName": "Welcome", + "enabled": true, + "from": "", + "html": { + "en": "

Welcome. Your username is '{{object.userName}}'.

", + }, + "message": { + "en": "

Welcome. Your username is '{{object.userName}}'.

", + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Your account has been created", + }, + "templateId": "welcome", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/access.idm.json 1`] = ` +{ + "idm": { + "access": { + "_id": "access", + "configs": [ { - "action": "ASYNC", - "situation": "ABSENT", + "actions": "*", + "methods": "read", + "pattern": "info/*", + "roles": "*", }, { - "action": "ASYNC", - "situation": "ALL_GONE", + "actions": "login,logout", + "methods": "read,action", + "pattern": "authentication", + "roles": "*", }, { - "action": "ASYNC", - "situation": "AMBIGUOUS", + "actions": "*", + "methods": "read", + "pattern": "config/fidc/*", + "roles": "*", }, { - "action": "ASYNC", - "situation": "CONFIRMED", + "actions": "*", + "methods": "*", + "pattern": "config/fidc/*", + "roles": "internal/role/openidm-admin", }, { - "action": "ASYNC", - "situation": "FOUND", + "actions": "*", + "methods": "read", + "pattern": "config/ui/themeconfig", + "roles": "*", }, { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", + "actions": "*", + "methods": "read", + "pattern": "config/ui/themerealm", + "roles": "*", }, { - "action": "ASYNC", - "situation": "LINK_ONLY", + "actions": "*", + "methods": "read", + "pattern": "config/uilocale/*", + "roles": "*", }, { - "action": "ASYNC", - "situation": "MISSING", + "actions": "*", + "methods": "read", + "pattern": "config/fieldPolicy/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", + "actions": "*", + "methods": "read", + "pattern": "info/uiconfig", + "roles": "*", }, { - "action": "ASYNC", - "situation": "SOURCE_MISSING", + "actions": "*", + "methods": "read", + "pattern": "config/ui/dashboard", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "actions": "*", + "methods": "query", + "pattern": "info/features", + "roles": "*", }, { - "action": "ASYNC", - "situation": "UNASSIGNED", + "actions": "listPrivileges", + "methods": "action", + "pattern": "privilege", + "roles": "*", }, { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "actions": "*", + "methods": "read", + "pattern": "privilege/*", + "roles": "*", }, - ], - "properties": [], - "source": "managed/alpha_assignment", - "target": "managed/bravo_assignment", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_user_systemAzureUser.mapping.json 1`] = ` -{ - "mapping": { - "mapping/managedAlpha_user_systemAzureUser": { - "_id": "mapping/managedAlpha_user_systemAzureUser", - "consentRequired": false, - "defaultSourceFields": [ - "*", - "assignments", - ], - "defaultTargetFields": [ - "*", - "memberOf", - "__roles__", - "__servicePlanIds__", - ], - "displayName": "managedAlpha_user_systemAzureUser", - "icon": null, - "name": "managedAlpha_user_systemAzureUser", - "optimizeAssignmentSync": true, - "policies": [ { - "action": "ASYNC", - "situation": "AMBIGUOUS", + "actions": "validate", + "methods": "action", + "pattern": "util/validateQueryFilter", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "SOURCE_MISSING", + "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled('kba')", + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "MISSING", + "actions": "*", + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/openidm-authorized", }, { - "action": "DELETE", - "situation": "UNQUALIFIED", + "actions": "*", + "excludePatterns": "repo,repo/*", + "methods": "*", + "pattern": "*", + "roles": "internal/role/openidm-admin", }, { - "action": "ASYNC", - "situation": "UNASSIGNED", + "actions": "", + "methods": "create,read,update,delete,patch,query", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", }, { - "action": "ASYNC", - "situation": "LINK_ONLY", + "actions": "*", + "methods": "script", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", }, { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "actions": "test,testConfig,createconfiguration,liveSync,authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", }, { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo", + "roles": "internal/role/openidm-admin", }, { - "action": "ASYNC", - "situation": "ALL_GONE", + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo/*", + "roles": "internal/role/openidm-admin", }, { - "action": "UPDATE", - "situation": "CONFIRMED", + "actions": "command", + "customAuthz": "request.additionalParameters.commandId === 'delete-mapping-links'", + "methods": "action", + "pattern": "repo/link", + "roles": "internal/role/openidm-admin", }, { - "action": "ASYNC", - "situation": "FOUND", + "methods": "create,read,query,patch", + "pattern": "managed/*", + "roles": "internal/role/platform-provisioning", }, { - "action": "CREATE", - "situation": "ABSENT", + "methods": "read,query", + "pattern": "internal/role/*", + "roles": "internal/role/platform-provisioning", }, { - "action": "ASYNC", - "situation": "SOURCE_TARGET_CONFLICT", + "actions": "*", + "methods": "create,read,action,update", + "pattern": "profile/*", + "roles": "internal/role/platform-provisioning", }, { - "action": "INCORPORATE_CHANGES", - "situation": "TARGET_CHANGED", + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/platform-provisioning", }, - ], - "properties": [ { - "source": "mail", - "target": "mail", + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/platform-provisioning", }, { - "source": "givenName", - "target": "givenName", + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/platform-provisioning", }, { - "source": "sn", - "target": "surname", + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/platform-provisioning", }, { - "source": "", - "target": "displayName", - "transform": { - "source": "source.givenName+" "+source.sn", - "type": "text/javascript", - }, + "methods": "read", + "pattern": "selfservice/terms", + "roles": "internal/role/platform-provisioning", }, { - "source": "", - "target": "mailNickname", - "transform": { - "source": "source.givenName[0].toLowerCase()+source.sn.toLowerCase()", - "type": "text/javascript", - }, + "methods": "read", + "pattern": "identityProviders", + "roles": "internal/role/platform-provisioning", }, { - "source": "", - "target": "accountEnabled", - "transform": { - "source": "true", - "type": "text/javascript", - }, + "actions": "sendTemplate", + "methods": "action", + "pattern": "external/email", + "roles": "internal/role/platform-provisioning", }, { - "condition": { - "globals": {}, - "source": "(typeof oldTarget === 'undefined' || oldTarget === null)", - "type": "text/javascript", - }, - "source": "", - "target": "__PASSWORD__", - "transform": { - "source": ""!@#$%"[Math.floor(Math.random()*5)] + Math.random().toString(36).slice(2, 13).toUpperCase()+Math.random().toString(36).slice(2,13)", - "type": "text/javascript", - }, + "actions": "authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/platform-provisioning", }, - ], - "queuedSync": { - "enabled": true, - "maxRetries": 0, - "pollingInterval": 10000, - }, - "runTargetPhase": false, - "source": "managed/alpha_user", - "sourceCondition": "/source/effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", - "sourceQuery": { - "_queryFilter": "effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or lastSync/managedAlpha_user_systemAzureUser pr or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", - }, - "target": "system/Azure/User", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_group_managedBravo_group.mapping.json 1`] = ` -{ - "mapping": { - "mapping/managedBravo_group_managedBravo_group": { - "_id": "mapping/managedBravo_group_managedBravo_group", - "consentRequired": false, - "displayName": "managedBravo_group_managedBravo_group", - "icon": null, - "name": "managedBravo_group_managedBravo_group", - "policies": [ { - "action": "ASYNC", - "situation": "ABSENT", + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "ALL_GONE", + "actions": "*", + "methods": "read", + "pattern": "config/ui/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "AMBIGUOUS", + "actions": "bind,unbind", + "customAuthz": "ownDataOnly()", + "methods": "read,action,delete", + "pattern": "*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "CONFIRMED", + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', [])", + "methods": "update,patch,action", + "pattern": "*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "FOUND", + "actions": "patch", + "customAuthz": "(request.resourcePath === 'selfservice/user/' + context.security.authorization.id) && onlyEditableManagedObjectProperties('user', [])", + "methods": "patch,action", + "pattern": "selfservice/user/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", + "actions": "patch", + "customAuthz": "isQueryOneOf({'managed/user': ['for-userName']}) && restrictPatchToFields(['password'])", + "methods": "patch,action", + "pattern": "managed/user", + "roles": "internal/role/openidm-cert", }, { - "action": "ASYNC", - "situation": "LINK_ONLY", + "actions": "*", + "customAuthz": "ownRelationshipProperty('_meta', false)", + "methods": "read", + "pattern": "internal/usermeta/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "MISSING", + "actions": "*", + "customAuthz": "ownRelationshipProperty('_notifications', true)", + "methods": "read,delete", + "pattern": "internal/notification/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "SOURCE_MISSING", + "actions": "", + "customAuthz": "ownDataOnly()", + "methods": "read,delete", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('alpha_user', [])", + "methods": "update,patch,action", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "UNASSIGNED", + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized", }, { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "actions": "", + "customAuthz": "ownDataOnly()", + "methods": "read,delete", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('bravo_user', [])", + "methods": "update,patch,action", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "deleteNotificationsForTarget", + "customAuthz": "request.additionalParameters.target === (context.security.authorization.component + '/' + context.security.authorization.id)", + "methods": "action", + "pattern": "notification", + "roles": "internal/role/openidm-authorized", }, ], - "properties": [], - "source": "managed/bravo_group", - "target": "managed/bravo_group", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_user_managedBravo_user0.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/alphaOrgPrivileges.idm.json 1`] = ` { - "mapping": { - "mapping/managedBravo_user_managedBravo_user0": { - "_id": "mapping/managedBravo_user_managedBravo_user0", - "consentRequired": false, - "displayName": "managedBravo_user_managedBravo_user0", - "icon": null, - "name": "managedBravo_user_managedBravo_user0", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, + "idm": { + "alphaOrgPrivileges": { + "_id": "alphaOrgPrivileges", + "privileges": [ { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, { - "action": "ASYNC", - "situation": "LINK_ONLY", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "MISSING", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/alpha_user", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "SOURCE_MISSING", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "UNASSIGNED", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/alpha_user", + "permissions": [ + "CREATE", + ], }, ], - "properties": [], - "source": "managed/bravo_user", - "target": "managed/bravo_user", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/mapping12.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/audit.idm.json 1`] = ` { - "mapping": { - "mapping/mapping12": { - "_id": "mapping/mapping12", - "consentRequired": false, - "displayName": "mapping12", - "linkQualifiers": [], - "name": "mapping12", - "policies": [], - "properties": [], - "source": "managed/bravo_user", - "syncAfter": [], - "target": "managed/bravo_user", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzure__group___managedAlpha_assignment.mapping.json 1`] = ` -{ - "mapping": { - "mapping/systemAzure__group___managedAlpha_assignment": { - "_id": "mapping/systemAzure__group___managedAlpha_assignment", - "consentRequired": false, - "displayName": "systemAzure__group___managedAlpha_assignment", - "icon": null, - "name": "systemAzure__group___managedAlpha_assignment", - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "DELETE", - "situation": "SOURCE_MISSING", - }, - { - "action": "CREATE", - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "DELETE", - "situation": "UNQUALIFIED", - }, - { - "action": "EXCEPTION", - "situation": "UNASSIGNED", - }, - { - "action": "EXCEPTION", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "default": "__RESOURCE__", - "target": "type", - }, - { - "source": "", - "target": "description", - "transform": { - "globals": {}, - "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", - "type": "text/javascript", - }, - }, - { - "default": "managedAlpha_user_systemAzureUser", - "target": "mapping", - }, - { - "source": "", - "target": "name", - "transform": { - "globals": {}, - "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", - "type": "text/javascript", - }, - }, - { - "source": "_id", - "target": "attributes", - "transform": { - "globals": {}, - "source": "[ - { - 'name': 'memberOf', - 'value': [source] - } -]", - "type": "text/javascript", - }, - }, - { - "source": "_id", - "target": "_id", - "transform": { - "globals": { - "sourceObjectSet": "system_Azure___GROUP___", - }, - "source": "sourceObjectSet.concat(source)", - "type": "text/javascript", + "idm": { + "audit": { + "_id": "audit", + "auditServiceConfig": { + "availableAuditEventHandlers": [ + "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", + "org.forgerock.audit.handlers.elasticsearch.ElasticsearchAuditEventHandler", + "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", + "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", + "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler", + "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", + ], + "caseInsensitiveFields": [ + "/access/http/request/headers", + "/access/http/response/headers", + ], + "filterPolicies": { + "value": { + "excludeIf": [ + "/access/http/request/cookies/&{com.iplanet.am.cookie.name}", + "/access/http/request/cookies/session-jwt", + "/access/http/request/headers/&{com.sun.identity.auth.cookieName}", + "/access/http/request/headers/&{com.iplanet.am.cookie.name}", + "/access/http/request/headers/accept-encoding", + "/access/http/request/headers/accept-language", + "/access/http/request/headers/Authorization", + "/access/http/request/headers/cache-control", + "/access/http/request/headers/connection", + "/access/http/request/headers/content-length", + "/access/http/request/headers/content-type", + "/access/http/request/headers/proxy-authorization", + "/access/http/request/headers/X-OpenAM-Password", + "/access/http/request/headers/X-OpenIDM-Password", + "/access/http/request/queryParameters/access_token", + "/access/http/request/queryParameters/IDToken1", + "/access/http/request/queryParameters/id_token_hint", + "/access/http/request/queryParameters/Login.Token1", + "/access/http/request/queryParameters/redirect_uri", + "/access/http/request/queryParameters/requester", + "/access/http/request/queryParameters/sessionUpgradeSSOTokenId", + "/access/http/request/queryParameters/tokenId", + "/access/http/response/headers/Authorization", + "/access/http/response/headers/Set-Cookie", + "/access/http/response/headers/X-OpenIDM-Password", + ], + "includeIf": [], }, }, - ], - "source": "system/Azure/__GROUP__", - "target": "managed/alpha_assignment", - "targetQuery": { - "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "memberOf"]", + "handlerForQueries": "json", }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureDirectoryrole_managedAlpha_assignment.mapping.json 1`] = ` -{ - "mapping": { - "mapping/systemAzureDirectoryrole_managedAlpha_assignment": { - "_id": "mapping/systemAzureDirectoryrole_managedAlpha_assignment", - "consentRequired": false, - "displayName": "systemAzureDirectoryrole_managedAlpha_assignment", - "icon": null, - "name": "systemAzureDirectoryrole_managedAlpha_assignment", - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "DELETE", - "situation": "SOURCE_MISSING", - }, - { - "action": "CREATE", - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "DELETE", - "situation": "UNQUALIFIED", - }, - { - "action": "EXCEPTION", - "situation": "UNASSIGNED", - }, - { - "action": "EXCEPTION", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "default": "__RESOURCE__", - "target": "type", - }, + "eventHandlers": [ { - "source": "", - "target": "description", - "transform": { - "globals": {}, - "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", - "type": "text/javascript", + "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "config": { + "name": "json", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, }, { - "default": "managedAlpha_user_systemAzureUser", - "target": "mapping", - }, - { - "source": "", - "target": "name", - "transform": { - "globals": {}, - "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", - "type": "text/javascript", + "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "config": { + "enabled": false, + "name": "repo", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, }, - { - "source": "_id", - "target": "attributes", - "transform": { - "globals": {}, - "source": "[ - { - 'name': '__roles__', - 'value': [source] - } -]", - "type": "text/javascript", + ], + "eventTopics": { + "activity": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, + "passwordFields": [ + "password", + ], + "watchedFields": [], }, - { - "source": "_id", - "target": "_id", - "transform": { - "globals": { - "sourceObjectSet": "system_Azure_directoryRole_", - }, - "source": "sourceObjectSet.concat(source)", - "type": "text/javascript", + "config": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, }, - ], - "source": "system/Azure/directoryRole", - "target": "managed/alpha_assignment", - "targetQuery": { - "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__roles__"]", + }, + "exceptionFormatter": { + "file": "bin/defaults/script/audit/stacktraceFormatter.js", + "type": "text/javascript", }, }, }, @@ -266340,126 +260182,47 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureServiceplan_managedAlpha_assignment.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/authentication.idm.json 1`] = ` { - "mapping": { - "mapping/systemAzureServiceplan_managedAlpha_assignment": { - "_id": "mapping/systemAzureServiceplan_managedAlpha_assignment", - "consentRequired": false, - "displayName": "systemAzureServiceplan_managedAlpha_assignment", - "icon": null, - "name": "systemAzureServiceplan_managedAlpha_assignment", - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "DELETE", - "situation": "SOURCE_MISSING", - }, - { - "action": "CREATE", - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "DELETE", - "situation": "UNQUALIFIED", - }, - { - "action": "EXCEPTION", - "situation": "UNASSIGNED", - }, - { - "action": "EXCEPTION", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "default": "__RESOURCE__", - "target": "type", - }, - { - "source": "", - "target": "description", - "transform": { - "globals": {}, - "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", - "type": "text/javascript", - }, - }, - { - "default": "managedAlpha_user_systemAzureUser", - "target": "mapping", + "idm": { + "authentication": { + "_id": "authentication", + "rsFilter": { + "augmentSecurityContext": { + "source": "require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, security.authorization.component.includes('/alpha_') ? 'alphaOrgPrivileges' : 'bravoOrgPrivileges', 'privilegeAssignments');", + "type": "text/javascript", }, - { - "source": "", - "target": "name", - "transform": { - "globals": {}, - "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", - "type": "text/javascript", - }, + "cache": { + "maxTimeout": "300 seconds", }, - { - "source": "_id", - "target": "attributes", - "transform": { - "globals": {}, - "source": "[ - { - 'name': '__servicePlanIds__', - 'value': [source] - } -]", - "type": "text/javascript", + "scopes": [ + "fr:idm:*", + ], + "staticUserMapping": [ + { + "localUser": "internal/user/idm-provisioning", + "roles": [ + "internal/role/openidm-admin", + ], + "subject": "autoid-resource-server", }, - }, - { - "source": "_id", - "target": "_id", - "transform": { - "globals": { - "sourceObjectSet": "system_Azure_servicePlan_", + ], + "subjectMapping": [ + { + "additionalUserFields": [ + "adminOfOrg", + "ownerOfOrg", + ], + "defaultRoles": [ + "internal/role/openidm-authorized", + ], + "propertyMapping": { + "sub": "_id", }, - "source": "sourceObjectSet.concat(source)", - "type": "text/javascript", + "queryOnResource": "managed/{{substring realm 1}}_user", + "userRoles": "authzRoles/*", }, - }, - ], - "source": "system/Azure/servicePlan", - "target": "managed/alpha_assignment", - "targetQuery": { - "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__servicePlanIds__"]", + ], }, }, }, @@ -266467,3053 +260230,15619 @@ exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": shou } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureUser_managedAlpha_user.mapping.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/bravoOrgPrivileges.idm.json 1`] = ` { - "mapping": { - "mapping/systemAzureUser_managedAlpha_user": { - "_id": "mapping/systemAzureUser_managedAlpha_user", - "consentRequired": false, - "correlationQuery": [ - { - "linkQualifier": "default", - "source": "var qry = {'_queryFilter': 'mail eq "' + source.mail + '"'}; qry", - "type": "text/javascript", - }, - ], - "defaultSourceFields": [ - "*", - "memberOf", - "__roles__", - "__servicePlanIds__", - ], - "defaultTargetFields": [ - "*", - "assignments", - ], - "displayName": "systemAzureUser_managedAlpha_user", - "icon": null, - "links": "managedAlpha_user_systemAzureUser", - "name": "systemAzureUser_managedAlpha_user", - "policies": [ - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, + "idm": { + "bravoOrgPrivileges": { + "_id": "bravoOrgPrivileges", + "privileges": [ { - "action": "ASYNC", - "situation": "MISSING", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "UNQUALIFIED", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/bravo_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, { - "action": "ASYNC", - "situation": "UNASSIGNED", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/bravo_user", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "LINK_ONLY", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, { - "action": "ASYNC", - "situation": "TARGET_IGNORED", + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "CREATE", + ], }, { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "ONBOARD", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "SOURCE_TARGET_CONFLICT", - }, - ], - "properties": [ - { - "referencedObjectType": "__GROUP__", - "source": "memberOf", - "target": "assignments", - }, - { - "referencedObjectType": "directoryRole", - "source": "__roles__", - "target": "assignments", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/bravo_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, { - "referencedObjectType": "servicePlan", - "source": "__servicePlanIds__", - "target": "assignments", + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "groups", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "effectiveGroups", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/bravo_user", + "permissions": [ + "CREATE", + ], }, ], - "reconSourceQueryPageSize": 999, - "reconSourceQueryPaging": true, - "runTargetPhase": false, - "source": "system/Azure/User", - "sourceQueryFullEntry": true, - "target": "managed/alpha_user", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-admin-token.secret.json 1`] = ` -{ - "meta": Any, - "secret": { - "esv-admin-token": { - "_id": "esv-admin-token", - "activeVersion": "1", - "description": "Long-lived admin token", - "encoding": "generic", - "lastChangeDate": "2024-03-20T14:46:13.461793Z", - "lastChangedBy": "ba58ff99-76d3-4c69-9c4a-7f150ac70e2c", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, }, }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-brando-pingone.secret.json 1`] = ` -{ "meta": Any, - "secret": { - "esv-brando-pingone": { - "_id": "esv-brando-pingone", - "activeVersion": "4", - "description": "This is to show the connection between PingOne and AIC. ", - "encoding": "generic", - "lastChangeDate": "2024-06-24T00:44:06.154598Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "4", - "useInPlaceholders": true, - }, - }, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test1.secret.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/Test.idm.json 1`] = ` { - "meta": Any, - "secret": { - "esv-secret-import-test1": { - "_id": "esv-secret-import-test1", - "activeVersion": "1", - "description": "Secret Import Test 1", - "encoding": "generic", - "lastChangeDate": "2024-06-22T01:13:13.904591Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, + "idm": { + "endpoint/Test": { + "_id": "endpoint/Test", + "description": "test", + "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", + "source": " (function () { + if (request.method === 'create') { + // POST + return {}; + } else if (request.method === 'read') { + // GET + return {}; + } else if (request.method === 'update') { + // PUT + return {}; + } else if (request.method === 'patch') { + return {}; + } else if (request.method === 'delete') { + return {}; + } + throw { code: 500, message: 'Unknown error' }; + }());", + "type": "text/javascript", }, }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test2.secret.json 1`] = ` -{ "meta": Any, - "secret": { - "esv-secret-import-test2": { - "_id": "esv-secret-import-test2", - "activeVersion": "1", - "description": "Secret Import Test 2", - "encoding": "generic", - "lastChangeDate": "2024-06-22T01:13:41.914076Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret.secret.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/endpoint/testEndpoint2.idm.json 1`] = ` { - "meta": Any, - "secret": { - "esv-test-secret": { - "_id": "esv-test-secret", - "activeVersion": "1", - "description": "This is a test secret containing a simple string value.", - "encoding": "generic", - "lastChangeDate": "2024-07-05T17:53:53.682578Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, + "idm": { + "endpoint/testEndpoint2": { + "_id": "endpoint/testEndpoint2", + "description": "", + "globalsObject": "" {\\n \\"request\\": {\\n \\"method\\": \\"create\\"\\n }\\n }"", + "source": " (function () { + if (request.method === 'create') { + // POST + return {}; + } else if (request.method === 'read') { + // GET + return {}; + } else if (request.method === 'update') { + // PUT + return {}; + } else if (request.method === 'patch') { + return {}; + } else if (request.method === 'delete') { + return {}; + } + throw { code: 500, message: 'Unknown error' }; + }());", + "type": "text/javascript", }, }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem.secret.json 1`] = ` -{ "meta": Any, - "secret": { - "esv-test-secret-cert-pem": { - "_id": "esv-test-secret-cert-pem", - "activeVersion": "1", - "description": "This is a test secret from a pem encoded cert file.", - "encoding": "pem", - "lastChangeDate": "2024-01-20T03:48:49.005574Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem-raw.secret.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/entityId.idm.json 1`] = ` { - "meta": Any, - "secret": { - "esv-test-secret-cert-pem-raw": { - "_id": "esv-test-secret-cert-pem-raw", - "activeVersion": "1", - "description": "This is a test secret from a pem encoded cert file (raw).", - "encoding": "pem", - "lastChangeDate": "2024-01-20T03:49:20.270526Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, + "idm": { + "entityId": { + "_id": "entityId", + "defaultLocale": "en", + "displayName": "Frodo Test Email Template Three", + "enabled": true, + "from": "", + "message": { + "en": "

You started a login or profile update that requires MFA.

Click to Proceed

", + }, + "mimeType": "text/html", + "subject": { + "en": "Multi-Factor Email for Identity Cloud login", + }, }, }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-euler.secret.json 1`] = ` -{ "meta": Any, - "secret": { - "esv-test-secret-euler": { - "_id": "esv-test-secret-euler", - "activeVersion": "1", - "description": "A test secret containing the value of Euler's number", - "encoding": "generic", - "lastChangeDate": "2023-12-14T15:27:34.607038Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac.secret.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.email.idm.json 1`] = ` { - "meta": Any, - "secret": { - "esv-test-secret-file-base64hmac": { - "_id": "esv-test-secret-file-base64hmac", - "activeVersion": "1", - "description": "This is a test secret from base64 encoded hmac key file.", - "encoding": "base64hmac", - "lastChangeDate": "2024-01-20T03:46:37.42544Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, + "idm": { + "external.email": { + "_id": "external.email", + "auth": { + "enable": true, + "password": "&{aic.customer.sasl.pass}", + "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", + }, + "connectiontimeout": 300000, + "debug": false, + "from": "&{email.sender.address}", + "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", + "port": 25, + "smtpProperties": [], + "ssl": { + "enable": false, + }, + "starttls": { + "enable": false, + }, + "threadPoolSize": 20, + "timeout": 300000, + "writetimeout": 300000, }, }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac-raw.secret.json 1`] = ` -{ "meta": Any, - "secret": { - "esv-test-secret-file-base64hmac-raw": { - "_id": "esv-test-secret-file-base64hmac-raw", - "activeVersion": "1", - "description": "This is a test secret from base64 encoded hmac key file (raw).", - "encoding": "base64hmac", - "lastChangeDate": "2024-01-20T03:47:03.695151Z", - "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, - }, - }, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi.secret.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/external.emailDefault.idm.json 1`] = ` { - "meta": Any, - "secret": { - "esv-test-secret-pi": { - "_id": "esv-test-secret-pi", - "activeVersion": "1", - "description": "Secret that contains the value of pi", - "encoding": "generic", - "lastChangeDate": "2023-12-14T15:22:28.519043Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "loadedVersion": "1", - "useInPlaceholders": true, + "idm": { + "external.emailDefault": { + "_id": "external.emailDefault", + "auth": { + "enable": true, + "password": "&{aic.customer.sasl.pass}", + "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}", + }, + "connectiontimeout": 300000, + "debug": false, + "from": "&{email.sender.address}", + "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", + "port": 25, + "smtpProperties": [], + "ssl": { + "enable": false, + }, + "starttls": { + "enable": false, + }, + "threadPoolSize": 20, + "timeout": 300000, + "writetimeout": 300000, }, }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi-generic.secret.json 1`] = ` -{ "meta": Any, - "secret": { - "esv-test-secret-pi-generic": { - "_id": "esv-test-secret-pi-generic", - "activeVersion": "3", - "description": "", - "encoding": "generic", - "lastChangeDate": "2024-07-15T03:20:09.136266Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "3", - "useInPlaceholders": true, - }, - }, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-volkers-test-secret.secret.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/alpha_user.idm.json 1`] = ` { - "meta": Any, - "secret": { - "esv-volkers-test-secret": { - "_id": "esv-volkers-test-secret", - "activeVersion": "10", - "description": "Volker's test secret", - "encoding": "generic", - "lastChangeDate": "2024-06-26T01:37:06.116117Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "loadedVersion": "10", - "useInPlaceholders": true, + "idm": { + "fieldPolicy/alpha_user": { + "_id": "fieldPolicy/alpha_user", + "defaultPasswordStorageScheme": [ + { + "_id": "PBKDF2-HMAC-SHA256", + }, + ], + "passwordAttribute": "password", + "resourceCollection": "managed/alpha_user", + "type": "password-policy", + "validator": [ + { + "_id": "alpha_userPasswordPolicy-length-based-password-validator", + "enabled": true, + "maxPasswordLength": 0, + "minPasswordLength": 10, + "type": "length-based", + }, + { + "_id": "alpha_userPasswordPolicy-attribute-value-password-validator", + "checkSubstrings": true, + "enabled": true, + "matchAttribute": [ + "mail", + "userName", + "givenName", + "sn", + ], + "minSubstringLength": 5, + "testReversedPassword": true, + "type": "attribute-value", + }, + { + "_id": "alpha_userPasswordPolicy-character-set-password-validator", + "allowUnclassifiedCharacters": true, + "characterSet": [ + "0:abcdefghijklmnopqrstuvwxyz", + "0:ABCDEFGHIJKLMNOPQRSTUVWXYZ", + "0:0123456789", + "0:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", + ], + "enabled": true, + "minCharacterSets": 4, + "type": "character-set", + }, + ], }, }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/CorsService.service.json 1`] = ` -{ "meta": Any, - "service": { - "CorsService": { - "_id": "", - "_type": { - "_id": "CorsService", - "collection": false, - "name": "CORS Service", - }, - "enabled": true, - "location": "global", - "nextDescendents": [], - }, - }, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/dashboard.service.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/fieldPolicy/bravo_user.idm.json 1`] = ` { - "meta": Any, - "service": { - "dashboard": { - "_id": "", - "_type": { - "_id": "dashboard", - "collection": false, - "name": "Dashboard", - }, - "defaults": { - "assignedDashboard": [], - }, - "location": "global", - "nextDescendents": [ + "idm": { + "fieldPolicy/bravo_user": { + "_id": "fieldPolicy/bravo_user", + "defaultPasswordStorageScheme": [ { - "_id": "Google", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "Google", - "icfIdentifier": "idm magic 34", - "icon": "images/logos/googleplus.png", - "login": "http://www.google.com", - "name": "Google", + "_id": "PBKDF2-HMAC-SHA256", }, + ], + "passwordAttribute": "password", + "resourceCollection": "managed/bravo_user", + "type": "password-policy", + "validator": [ { - "_id": "SalesForce", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "SalesForce", - "icfIdentifier": "idm magic 12", - "icon": "images/logos/salesforce.png", - "login": "http://www.salesforce.com", - "name": "SalesForce", + "_id": "bravo_userPasswordPolicy-length-based-password-validator", + "enabled": true, + "maxPasswordLength": 0, + "minPasswordLength": 8, + "type": "length-based", }, { - "_id": "ZenDesk", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "SAML2ApplicationClass", - "displayName": "ZenDesk", - "icfIdentifier": "idm magic 56", - "icon": "images/logos/zendesk.png", - "login": "http://www.ZenDesk.com", - "name": "ZenDesk", + "_id": "bravo_userPasswordPolicy-attribute-value-password-validator", + "checkSubstrings": true, + "enabled": true, + "matchAttribute": [ + "mail", + "userName", + "givenName", + "sn", + ], + "minSubstringLength": 5, + "testReversedPassword": true, + "type": "attribute-value", }, { - "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", - "_type": { - "_id": "instances", - "collection": true, - "name": "instance", - }, - "className": "BookmarkApplicationClass", - "displayName": "Google", - "icon": "app-bookmark.svg", - "login": "https://www.google.com/", - "name": "Google", + "_id": "bravo_userPasswordPolicy-character-set-password-validator", + "allowUnclassifiedCharacters": true, + "characterSet": [ + "1:abcdefghijklmnopqrstuvwxyz", + "1:ABCDEFGHIJKLMNOPQRSTUVWXYZ", + "1:0123456789", + "1:~!@#$%^&*()-_=+[]{}|;:,.<>/?"'\\\`", + ], + "enabled": true, + "type": "character-set", }, ], }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/AlphaUser2GoogleApps.sync.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/internal.idm.json 1`] = ` { - "_id": "sync/AlphaUser2GoogleApps", - "consentRequired": false, - "correlationQuery": [ - { - "expressionTree": { - "all": [ - "__NAME__", - ], - }, - "file": "ui/correlateTreeToQueryFilter.js", - "linkQualifier": "default", - "mapping": "AlphaUser2GoogleApps", - "type": "text/javascript", - }, - ], - "displayName": "AlphaUser2GoogleApps", - "enableSync": { - "$bool": "&{esv.gac.enable.mapping}", - }, - "icon": null, - "name": "AlphaUser2GoogleApps", - "onCreate": { - "globals": {}, - "source": "target.orgUnitPath = "/NewAccounts";", - "type": "text/javascript", - }, - "onUpdate": { - "globals": {}, - "source": "//testing1234 -target.givenName = oldTarget.givenName; -target.familyName = oldTarget.familyName; -target.__NAME__ = oldTarget.__NAME__;", - "type": "text/javascript", - }, - "policies": [ - { - "action": "EXCEPTION", - "situation": "AMBIGUOUS", - }, - { - "action": "UNLINK", - "situation": "SOURCE_MISSING", - }, - { - "action": { - "globals": {}, - "source": "// Timing Constants -var ATTEMPT = 6; // Number of attempts to find the Google user. -var SLEEP_TIME = 500; // Milliseconds between retries. -var SYSTEM_ENDPOINT = "system/GoogleApps/__ACCOUNT__"; -var MAPPING_NAME = "AlphaUser2GoogleApps"; -var GOOGLE_DOMAIN = identityServer.getProperty("esv.gac.domain"); -var googleEmail = source.userName + "@" + GOOGLE_DOMAIN; -var frUserGUID = source._id; -var resultingAction = "ASYNC"; - -// Get the Google GUID -var linkQueryParams = {'_queryFilter': 'firstId eq "' + frUserGUID + '" and linkType eq "' + MAPPING_NAME + '"'}; -var linkResults = openidm.query("repo/link/", linkQueryParams, null); -var googleGUID; - -if (linkResults.resultCount === 1) { - googleGUID = linkResults.result[0].secondId; -} - -var queryResults; // Resulting query from looking for the Google user. -var params = {'_queryFilter': '__UID__ eq "' + googleGUID + '"'}; - -for (var i = 1; i <= ATTEMPT; i++) { - queryResults = openidm.query(SYSTEM_ENDPOINT, params); - if (queryResults.result && queryResults.result.length > 0) { - logger.info("idmlog: ---AlphaUser2GoogleApps - Missing->UPDATE - Result found in " + i + " attempts. Query result: " + JSON.stringify(queryResults)); - resultingAction = "UPDATE"; - break; - } - java.lang.Thread.sleep(SLEEP_TIME); // Wait before trying again. -} - -if (!queryResults.result || queryResults.resultCount === 0) { - logger.warn("idmlog: ---AlphaUser2GoogleApps - Missing->UNLINK - " + googleEmail + " not found after " + ATTEMPT + " attempts."); - resultingAction = "UNLINK"; -} -resultingAction; -", - "type": "text/javascript", - }, - "situation": "MISSING", - }, - { - "action": "EXCEPTION", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "IGNORE", - "situation": "UNQUALIFIED", - }, - { - "action": "IGNORE", - "situation": "UNASSIGNED", - }, - { - "action": "UNLINK", - "situation": "LINK_ONLY", - }, - { - "action": "IGNORE", - "situation": "TARGET_IGNORED", - }, - { - "action": "IGNORE", - "situation": "SOURCE_IGNORED", - }, - { - "action": "IGNORE", - "situation": "ALL_GONE", - }, - { - "action": "UPDATE", - "situation": "CONFIRMED", - }, - { - "action": "LINK", - "situation": "FOUND", - }, - { - "action": "CREATE", - "situation": "ABSENT", - }, - ], - "properties": [ - { - "condition": { - "globals": {}, - "source": "object.custom_password_encrypted != null", - "type": "text/javascript", - }, - "source": "custom_password_encrypted", - "target": "__PASSWORD__", - "transform": { - "globals": {}, - "source": "openidm.decrypt(source);", - "type": "text/javascript", - }, - }, - { - "source": "cn", - "target": "__NAME__", - "transform": { - "globals": {}, - "source": "source + "@" + identityServer.getProperty("esv.gac.domain");", - "type": "text/javascript", - }, - }, - { - "source": "givenName", - "target": "givenName", - }, - { - "source": "", - "target": "familyName", - "transform": { - "globals": {}, - "source": "if (source.frIndexedInteger1 > 2 && source.frIndexedInteger1 < 6) { - source.sn + " (Student)" -} else { - source.sn -}", - "type": "text/javascript", - }, + "idm": { + "internal": { + "_id": "internal", + "objects": [ + { + "name": "role", + "properties": { + "authzMembers": { + "items": { + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + }, + }, + }, + }, + ], }, - ], - "queuedSync": { - "enabled": true, - "maxQueueSize": 20000, - "maxRetries": 5, - "pageSize": 100, - "pollingInterval": 1000, - "postRetryAction": "logged-ignore", - "retryDelay": 1000, }, - "source": "managed/alpha_user", - "syncAfter": [ - "managedBravo_user_managedBravo_user", - "managedAlpha_user_managedBravo_user", - "managedBravo_user_managedAlpha_user", - ], - "target": "system/GoogleApps/__ACCOUNT__", - "validSource": { - "globals": {}, - "source": "var isGoogleEligible = true; -//var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + " cn: " + source.cn + ") -"; -var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + ") -"; - -//Get Applicable userTypes (no Parent accounts) -if (source.frIndexedInteger1 !== 0 && source.frIndexedInteger1 !== 1 && source.frIndexedInteger1 !== 3 && source.frIndexedInteger1 !== 4 && source.frIndexedInteger1 !== 5) { - isGoogleEligible = false; - logMsg = logMsg + " Account type not eligible."; -} - -//Make sure the account has a valid encrypted password. -if (source.custom_password_encrypted == undefined || source.custom_password_encrypted == null) { - isGoogleEligible = false; - logMsg = logMsg + " No encrypted password yet."; -} - -//Check that CN exists and has no space. -if (source.cn && source.cn.includes(' ')) { - isGoogleEligible = false; - logMsg = logMsg + " CN with a space is not allowed."; + "meta": Any, } +`; -if (!isGoogleEligible) { - logMsg = logMsg + " Not sent to Google." - logger.info(logMsg); -} - -if (isGoogleEligible) { - logMsg = logMsg + " Sent to Google." - logger.info(logMsg); -} - -isGoogleEligible; -", - "type": "text/javascript", - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedAlpha_user_managedBravo_user.sync.json 1`] = ` -{ - "_id": "sync/managedAlpha_user_managedBravo_user", - "consentRequired": true, - "displayName": "Test Mapping for Frodo", - "icon": null, - "name": "managedAlpha_user_managedBravo_user", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [ - { - "condition": { - "globals": {}, - "source": "console.log("Hello World!");", - "type": "text/javascript", - }, - "default": [ - "Default value string", - ], - "source": "accountStatus", - "target": "applications", - "transform": { - "globals": {}, - "source": "console.log("hello");", - "type": "text/javascript", - }, - }, - ], - "source": "managed/alpha_user", - "syncAfter": [ - "managedBravo_user_managedBravo_user", - ], - "target": "managed/bravo_user", -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedBravo_user_managedAlpha_user.sync.json 1`] = ` -{ - "_id": "sync/managedBravo_user_managedAlpha_user", - "consentRequired": false, - "displayName": "Frodo test mapping", - "icon": null, - "name": "managedBravo_user_managedAlpha_user", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [], - "source": "managed/bravo_user", - "syncAfter": [ - "managedBravo_user_managedBravo_user", - "managedAlpha_user_managedBravo_user", - ], - "target": "managed/alpha_user", -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedBravo_user_managedBravo_user.sync.json 1`] = ` -{ - "_id": "sync/managedBravo_user_managedBravo_user", - "consentRequired": false, - "displayName": "managedBravo_user_managedBravo_user", - "icon": null, - "name": "managedBravo_user_managedBravo_user", - "policies": [ - { - "action": "ASYNC", - "situation": "ABSENT", - }, - { - "action": "ASYNC", - "situation": "ALL_GONE", - }, - { - "action": "ASYNC", - "situation": "AMBIGUOUS", - }, - { - "action": "ASYNC", - "situation": "CONFIRMED", - }, - { - "action": "ASYNC", - "situation": "FOUND", - }, - { - "action": "ASYNC", - "situation": "FOUND_ALREADY_LINKED", - }, - { - "action": "ASYNC", - "situation": "LINK_ONLY", - }, - { - "action": "ASYNC", - "situation": "MISSING", - }, - { - "action": "ASYNC", - "situation": "SOURCE_IGNORED", - }, - { - "action": "ASYNC", - "situation": "SOURCE_MISSING", - }, - { - "action": "ASYNC", - "situation": "TARGET_IGNORED", - }, - { - "action": "ASYNC", - "situation": "UNASSIGNED", - }, - { - "action": "ASYNC", - "situation": "UNQUALIFIED", - }, - ], - "properties": [], - "source": "managed/bravo_user", - "syncAfter": [], - "target": "managed/bravo_user", -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/sync.idm.json 1`] = ` +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/managed.idm.json 1`] = ` { "idm": { - "sync": { - "_id": "sync", - "mappings": [ - "file://managedBravo_user_managedBravo_user.sync.json", - "file://managedAlpha_user_managedBravo_user.sync.json", - "file://managedBravo_user_managedAlpha_user.sync.json", - "file://AlphaUser2GoogleApps.sync.json", - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-blue-piller.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-blue-piller": { - "_id": "esv-blue-piller", - "description": "Zion membership criteria.", - "expressionType": "bool", - "lastChangeDate": "2024-07-05T20:01:11.78347Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "false", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-ipv4-cidr-access-rules.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-ipv4-cidr-access-rules": { - "_id": "esv-ipv4-cidr-access-rules", - "description": "IPv4 CIDR access rules: { "allow": [ "address/mask" ] }", - "expressionType": "object", - "lastChangeDate": "2024-07-05T20:01:13.987057Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "{ "allow": [ "145.118.0.0/16", "132.35.0.0/16", "101.226.0.0/16", "99.72.28.182/32" ] }", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-nebuchadnezzar-crew.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-nebuchadnezzar-crew": { - "_id": "esv-nebuchadnezzar-crew", - "description": "The crew of the Nebuchadnezzar hovercraft.", - "expressionType": "array", - "lastChangeDate": "2024-07-05T20:01:05.216699Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "["Morpheus","Trinity","Link","Tank","Dozer","Apoc","Cypher","Mouse","Neo","Switch"]", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-nebuchadnezzar-crew-structure.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-nebuchadnezzar-crew-structure": { - "_id": "esv-nebuchadnezzar-crew-structure", - "description": "The structure of the crew of the Nebuchadnezzar hovercraft.", - "expressionType": "object", - "lastChangeDate": "2024-07-05T20:01:07.343325Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "{"Captain":"Morpheus","FirstMate":"Trinity","Operator":["Link","Tank"],"Medic":"Dozer","Crewmen":["Apoc","Cypher","Mouse","Neo","Switch"]}", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-neo-age.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-neo-age": { - "_id": "esv-neo-age", - "description": "Neo's age in the matrix.", - "expressionType": "int", - "lastChangeDate": "2024-11-01T16:21:14.46187Z", - "lastChangedBy": "Frodo-SA-1730238488278", - "loaded": true, - "value": "28", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-number.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-number": { - "_id": "esv-number", - "description": "test number", - "expressionType": "number", - "lastChangeDate": "2024-07-05T19:42:20.943131Z", - "lastChangedBy": "volker.scheuber@forgerock.com", - "loaded": true, - "value": "1.134", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-test": { - "_id": "esv-test", - "description": "list", - "expressionType": "list", - "lastChangeDate": "2024-11-01T21:00:21.315828Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "value": "a,b,c,d", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-var.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-test-var": { - "_id": "esv-test-var", - "description": "this is a test description", - "expressionType": "string", - "lastChangeDate": "2024-11-01T16:21:15.469328Z", - "lastChangedBy": "Frodo-SA-1730238488278", - "loaded": true, - "value": "this is a test variable", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-var-pi.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-test-var-pi": { - "_id": "esv-test-var-pi", - "description": "This is another test variable.", - "expressionType": "number", - "lastChangeDate": "2024-07-12T17:40:41.283412Z", - "lastChangedBy": "Frodo-SA-1720799681233", - "loaded": true, - "value": "3.1415926", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-var-pi-string.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-test-var-pi-string": { - "_id": "esv-test-var-pi-string", - "description": "This is another test variable.", - "expressionType": "string", - "lastChangeDate": "2024-07-05T20:01:16.11117Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "3.1415926", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-variable-light.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-test-variable-light": { - "_id": "esv-test-variable-light", - "description": "Test variable containing the speed of light in meters per second (as an int).", - "expressionType": "int", - "lastChangeDate": "2023-12-14T15:34:13.446903Z", - "lastChangedBy": "phales@trivir.com", - "loaded": true, - "value": "299792458", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-trinity-phone.variable.json 1`] = ` -{ - "meta": Any, - "variable": { - "esv-trinity-phone": { - "_id": "esv-trinity-phone", - "description": "In the opening of The Matrix (1999), the phone number Trinity is calling from is traced to (312)-555-0690", - "expressionType": "string", - "lastChangeDate": "2024-07-05T20:01:03.141204Z", - "lastChangedBy": "Frodo-SA-1701393386423", - "loaded": true, - "value": "(312)-555-0690", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/cdsso-ig-agent.agent.json 1`] = ` -{ - "agent": { - "cdsso-ig-agent": { - "_id": "cdsso-ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [ - "https://volker-demo.encore.forgerock.com:443/apps/hrlite/redirect", - "https://volker-demo.encore.forgerock.com/apps/hrlite/redirect", - "https://volker-demo.encore.forgerock.com:443/apps/hrlite-rest/redirect", - "https://volker-demo.encore.forgerock.com:443/apps/contractor/redirect", - "https://volker-demo.encore.forgerock.com/apps/hrlite-rest/redirect", - "https://volker-demo.encore.forgerock.com/apps/contractor/redirect", - ], - "igTokenIntrospection": "Realm_Subs", - "secretLabelIdentifier": null, - "status": "Active", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-ig-agent.agent.json 1`] = ` -{ - "agent": { - "frodo-test-ig-agent": { - "_id": "frodo-test-ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": "test_ig_group", - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "secretLabelIdentifier": null, - "status": "Inactive", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-ig-agent2.agent.json 1`] = ` -{ - "agent": { - "frodo-test-ig-agent2": { - "_id": "frodo-test-ig-agent2", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", - "igCdssoRedirectUrls": [ - "http://testurl.com:8080/frodo", - ], - "igTokenIntrospection": "Realm", - "secretLabelIdentifier": null, - "status": "Inactive", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-java-agent.agent.json 1`] = ` -{ - "agent": { - "frodo-test-java-agent": { - "_id": "frodo-test-java-agent", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": null, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": "centralized", - "secretLabelIdentifier": null, - "status": "Inactive", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/agent/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": "/agent/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-java-agent2.agent.json 1`] = ` -{ - "agent": { - "frodo-test-java-agent2": { - "_id": "frodo-test-java-agent2", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "agentgroup": null, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testurl.com:8080/", - ], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": "testurl.com", - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "repositoryLocation": "centralized", - "secretLabelIdentifier": null, - "status": "Inactive", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": "/agent/sunwLegacySupportURI", - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": { - "8080": "http", - }, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": "/agent/post-authn-redirect", - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-web-agent.agent.json 1`] = ` -{ - "agent": { - "frodo-test-web-agent": { - "_id": "frodo-test-web-agent", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testserverurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testagenturl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testagenturl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testagenturl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "secretLabelIdentifier": null, - "ssoOnlyMode": false, - "status": "Inactive", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-web-agent2.agent.json 1`] = ` -{ - "agent": { - "frodo-test-web-agent2": { - "_id": "frodo-test-web-agent2", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testserverurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": "http://testagenturl.com:8080/amagent", - "agentgroup": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [ - "agentRootURL=http://testagenturl.com:8080/", - ], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": "testagenturl.com", - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "repositoryLocation": "centralized", - "resetIdleTime": false, - "secretLabelIdentifier": null, - "ssoOnlyMode": false, - "status": "Inactive", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/ig-agent.agent.json 1`] = ` -{ - "agent": { - "ig-agent": { - "_id": "ig-agent", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "agentgroup": null, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [], - "igTokenIntrospection": "Realm_Subs", - "secretLabelIdentifier": null, - "status": "Active", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/my-policy-agent.agent.json 1`] = ` -{ - "agent": { - "my-policy-agent": { - "_id": "my-policy-agent", - "_type": { - "_id": "2.2_Agent", - "collection": true, - "name": "Policy Agents", - }, - "cdssoRootUrl": [], - "description": null, - "status": "Active", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/test.agent.json 1`] = ` -{ - "agent": { - "test": { - "_id": "test", - "_type": { - "_id": "RemoteConsentAgent", - "collection": true, - "name": "OAuth2 Remote Consent Service", - }, - "agentgroup": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "remoteConsentRedirectUrl": null, - "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentRequestEncryptionEnabled": true, - "remoteConsentRequestEncryptionMethod": "A128GCM", - "remoteConsentRequestSigningAlgorithm": "RS256", - "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", - "remoteConsentResponseEncryptionMethod": "A128GCM", - "remoteConsentResponseSigningAlg": "RS256", - "requestTimeLimit": 180, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/test-software-publisher.agent.json 1`] = ` -{ - "agent": { - "test software publisher": { - "_id": "test software publisher", - "_type": { - "_id": "SoftwarePublisher", - "collection": true, - "name": "OAuth2 Software Publisher", - }, - "agentgroup": null, - "issuer": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "publicKeyLocation": "jwks_uri", - "softwareStatementSigningAlgorithm": "RS256", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agentGroup/test_ig_group.agentGroup.json 1`] = ` -{ - "agentGroup": { - "test_ig_group": { - "_id": "test_ig_group", - "_type": { - "_id": "IdentityGatewayAgent", - "collection": true, - "name": "Identity Gateway Agents", - }, - "igCdssoLoginUrlTemplate": null, - "igCdssoRedirectUrls": [], - "igTokenIntrospection": "None", - "status": "Active", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agentGroup/test_java_group.agentGroup.json 1`] = ` -{ - "agentGroup": { - "test_java_group": { - "_id": "test_java_group", - "_type": { - "_id": "J2EEAgent", - "collection": true, - "name": "J2EE Agents", - }, - "advancedJ2EEAgentConfig": { - "alternativeAgentHostname": null, - "alternativeAgentPort": null, - "alternativeAgentProtocol": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "expiredSessionCacheSize": 500, - "expiredSessionCacheTTL": 20, - "fragmentRelayUri": null, - "idleTimeRefreshWindow": 1, - "jwtCacheSize": 5000, - "jwtCacheTTL": 30, - "missingPostDataPreservationEntryUri": [ - "", - ], - "monitoringToCSV": false, - "policyCachePerUser": 50, - "policyCacheSize": 5000, - "policyClientPollingInterval": 3, - "possibleXssCodeElements": [ - "", - ], - "postDataCacheTtlMin": 5, - "postDataPreservation": false, - "postDataPreserveCacheEntryMaxEntries": 1000, - "postDataPreserveCacheEntryMaxTotalSizeMb": -1, - "postDataPreserveMultipartLimitBytes": 104857600, - "postDataPreserveMultipartParameterLimitBytes": 104857600, - "postDataStickySessionKeyValue": null, - "postDataStickySessionMode": "URL", - "retainPreviousOverrideBehavior": true, - "sessionCacheTTL": 15, - "ssoExchangeCacheSize": 100, - "ssoExchangeCacheTTL": 5, - "xssDetectionRedirectUri": {}, - }, - "amServicesJ2EEAgent": { - "agentAdviceEncode": false, - "amLoginUrl": [], - "authServiceHost": "testurl.com", - "authServicePort": 8080, - "authServiceProtocol": "http", - "authSuccessRedirectUrl": false, - "conditionalLoginUrl": [ - "", - ], - "conditionalLogoutUrl": [ - "", - ], - "customLoginEnabled": false, - "legacyLoginUrlList": [ - "", - ], - "overridePolicyEvaluationRealmEnabled": false, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "policyNotifications": true, - "restrictToRealm": {}, - "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", - "urlPolicyEnvGetParameters": [ - "", - ], - "urlPolicyEnvJsessionParameters": [ - "", - ], - "urlPolicyEnvPostParameters": [ - "", - ], - }, - "applicationJ2EEAgentConfig": { - "applicationLogoutUris": {}, - "clientIpValidationMode": { - "": "OFF", - }, - "clientIpValidationRange": {}, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "cookieAttributeMultiValueSeparator": "|", - "cookieAttributeUrlEncoded": true, - "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", - "invertNotEnforcedIps": false, - "invertNotEnforcedUris": false, - "logoutEntryUri": {}, - "logoutIntrospection": false, - "logoutRequestParameters": {}, - "notEnforcedFavicon": true, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsCacheEnabled": true, - "notEnforcedIpsCacheSize": 1000, - "notEnforcedRuleCompoundSeparator": "|", - "notEnforcedUris": [ - "", - ], - "notEnforcedUrisCacheEnabled": true, - "notEnforcedUrisCacheSize": 1000, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "resourceAccessDeniedUri": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalJ2EEAgentConfig": { - "agentConfigChangeNotificationsEnabled": true, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [], - "configurationReloadInterval": 0, - "customResponseHeader": {}, - "debugLevel": "error", - "debugLogfilePrefix": null, - "debugLogfileRetentionCount": -1, - "debugLogfileRotationMinutes": -1, - "debugLogfileRotationSize": 52428800, - "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", - "filterMode": { - "": "ALL", - }, - "fqdnCheck": false, - "fqdnDefault": null, - "fqdnMapping": {}, - "httpSessionBinding": true, - "jwtName": "am-auth-jwt", - "lbCookieEnabled": false, - "lbCookieName": "amlbcookie", - "localAuditLogRotation": false, - "localAuditLogfileRetentionCount": -1, - "localAuditRotationSize": 52428800, - "loginAttemptLimit": 0, - "loginAttemptLimitCookieName": "amFilterParam", - "preAuthCookieMaxAge": 300, - "preAuthCookieName": "amFilterCDSSORequest", - "recheckAmUnavailabilityInSeconds": 5, - "redirectAttemptLimit": 0, - "redirectAttemptLimitCookieName": "amFilterRDParam", - "status": "Active", - "userAttributeName": "employeenumber", - "userMappingMode": "USER_ID", - "userPrincipalFlag": false, - "userTokenName": "UserToken", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscJ2EEAgentConfig": { - "agent302RedirectContentType": "application/json", - "agent302RedirectEnabled": true, - "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", - "agent302RedirectInvertEnabled": false, - "agent302RedirectNerList": [ - "", - ], - "agent302RedirectStatusCode": 200, - "authFailReasonParameterName": null, - "authFailReasonParameterRemapper": {}, - "authFailReasonUrl": null, - "gotoParameterName": "goto", - "gotoUrl": null, - "ignorePathInfo": false, - "legacyRedirectUri": null, - "legacyUserAgentList": [ - "Mozilla/4.7*", - ], - "legacyUserAgentSupport": false, - "localeCountry": "US", - "localeLanguage": "en", - "loginReasonMap": {}, - "loginReasonParameterName": null, - "portCheckEnabled": false, - "portCheckFile": "PortCheckContent.txt", - "portCheckSetting": {}, - "unwantedHttpUrlParams": [ - "", - ], - "unwantedHttpUrlRegexParams": [ - "", - ], - "wantedHttpUrlParams": [ - "", - ], - "wantedHttpUrlRegexParams": [ - "", - ], - }, - "ssoJ2EEAgentConfig": { - "acceptIPDPCookie": false, - "acceptSsoTokenDomainList": [ - "", - ], - "acceptSsoTokenEnabled": false, - "authExchangeCookieName": null, - "authExchangeUri": null, - "cdssoDomainList": [ - "", - ], - "cdssoRedirectUri": null, - "cdssoSecureCookies": false, - "cookieResetDomains": {}, - "cookieResetEnabled": false, - "cookieResetNames": [ - "", - ], - "cookieResetPaths": {}, - "encodeCookies": false, - "excludedUserAgentsList": [], - "httpOnly": true, - "setCookieAttributeMap": {}, - "setCookieInternalMap": {}, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agentGroup/test_web_agent_group.agentGroup.json 1`] = ` -{ - "agentGroup": { - "test_web_agent_group": { - "_id": "test_web_agent_group", - "_type": { - "_id": "WebAgent", - "collection": true, - "name": "Web Agents", - }, - "advancedWebAgentConfig": { - "apacheAuthDirectives": null, - "clientHostnameHeader": null, - "clientIpHeader": null, - "customProperties": [], - "fragmentRedirectEnabled": false, - "hostnameToIpAddress": [], - "logonAndImpersonation": false, - "overrideRequestHost": false, - "overrideRequestPort": false, - "overrideRequestProtocol": false, - "pdpJavascriptRepost": false, - "pdpSkipPostUrl": [ - "", - ], - "pdpStickySessionCookieName": null, - "pdpStickySessionMode": "OFF", - "pdpStickySessionValue": null, - "postDataCachePeriod": 10, - "postDataPreservation": false, - "replayPasswordKey": null, - "retainSessionCache": false, - "showPasswordInHeader": false, - }, - "amServicesWebAgent": { - "amLoginUrl": [], - "amLogoutUrl": [ - "http://testurl.com:8080/UI/Logout", - ], - "applicationLogoutUrls": [ - "", - ], - "conditionalLoginUrl": [ - "", - ], - "customLoginMode": 0, - "enableLogoutRegex": false, - "fetchPoliciesFromRootResource": false, - "invalidateLogoutSession": true, - "logoutRedirectDisabled": false, - "logoutRedirectUrl": null, - "logoutResetCookies": [ - "", - ], - "logoutUrlRegex": null, - "policyCachePollingInterval": 3, - "policyClockSkew": 0, - "policyEvaluationApplication": "iPlanetAMWebAgentService", - "policyEvaluationRealm": "/", - "publicAmUrl": null, - "regexConditionalLoginPattern": [ - "", - ], - "regexConditionalLoginUrl": [ - "", - ], - "retrieveClientHostname": false, - "ssoCachePollingInterval": 3, - "userIdParameter": "UserToken", - "userIdParameterType": "session", - }, - "applicationWebAgentConfig": { - "attributeMultiValueSeparator": "|", - "clientIpValidation": false, - "continuousSecurityCookies": {}, - "continuousSecurityHeaders": {}, - "fetchAttributesForNotEnforcedUrls": false, - "ignorePathInfoForNotEnforcedUrls": true, - "invertNotEnforcedUrls": false, - "notEnforcedIps": [ - "", - ], - "notEnforcedIpsList": [ - "", - ], - "notEnforcedIpsRegex": false, - "notEnforcedUrls": [ - "", - ], - "notEnforcedUrlsRegex": false, - "profileAttributeFetchMode": "NONE", - "profileAttributeMap": {}, - "responseAttributeFetchMode": "NONE", - "responseAttributeMap": {}, - "sessionAttributeFetchMode": "NONE", - "sessionAttributeMap": {}, - }, - "globalWebAgentConfig": { - "accessDeniedUrl": null, - "agentConfigChangeNotificationsEnabled": true, - "agentDebugLevel": "Error", - "agentUriPrefix": null, - "amLbCookieEnable": false, - "auditAccessType": "LOG_NONE", - "auditLogLocation": "REMOTE", - "cdssoRootUrl": [], - "configurationPollingInterval": 60, - "disableJwtAudit": false, - "fqdnCheck": false, - "fqdnDefault": null, - "fqdnMapping": {}, - "jwtAuditWhitelist": null, - "jwtName": "am-auth-jwt", - "notificationsEnabled": true, - "resetIdleTime": false, - "ssoOnlyMode": false, - "status": "Active", - "webSocketConnectionIntervalInMinutes": 30, - }, - "miscWebAgentConfig": { - "addCacheControlHeader": false, - "anonymousUserEnabled": false, - "anonymousUserId": "anonymous", - "caseInsensitiveUrlComparison": true, - "compositeAdviceEncode": false, - "compositeAdviceRedirect": false, - "encodeSpecialCharsInCookies": false, - "encodeUrlSpecialCharacters": false, - "gotoParameterName": "goto", - "headerJsonResponse": {}, - "ignorePathInfo": false, - "invalidUrlRegex": null, - "invertUrlJsonResponse": false, - "mineEncodeHeader": 0, - "profileAttributesCookieMaxAge": 300, - "profileAttributesCookiePrefix": "HTTP_", - "statusCodeJsonResponse": 202, - "urlJsonResponse": [ - "", - ], - }, - "ssoWebAgentConfig": { - "acceptSsoToken": false, - "cdssoCookieDomain": [ - "", - ], - "cdssoRedirectUri": "agent/cdsso-oauth2", - "cookieName": "iPlanetDirectoryPro", - "cookieResetEnabled": false, - "cookieResetList": [ - "", - ], - "cookieResetOnRedirect": false, - "httpOnly": true, - "multivaluePreAuthnCookie": false, - "persistentJwtCookie": false, - "sameSite": null, - "secureCookies": false, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/application/Azure.application.json 1`] = ` -{ - "managedApplication": { - "0f357b7e-6c54-4351-a094-43916877d7e5": { - "_id": "0f357b7e-6c54-4351-a094-43916877d7e5", - "authoritative": false, - "connectorId": "Azure", - "description": "Azure", - "icon": "", - "mappingNames": [ - "systemAzureUser_managedAlpha_user", - "managedAlpha_user_systemAzureUser", - "systemAzure__group___managedAlpha_assignment", - "systemAzureDirectoryrole_managedAlpha_assignment", - "systemAzureServiceplan_managedAlpha_assignment", - ], - "name": "Azure", - "templateName": "azure.ad", - "templateVersion": "3.3", - "uiConfig": { - "objectTypes": { - "User": { + "managed": { + "_id": "managed", + "objects": [ + { + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync", + }, + "meta": { + "property": "_meta", + "resourceCollection": "managed/alpha_usermeta", + "trackedProperties": [ + "createDate", + "lastChanged", + ], + }, + "name": "alpha_user", + "notifications": {}, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "cn", + "sn", + "mail", + "profileImage", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "groups", + "applications", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "effectiveGroups", + "effectiveApplications", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "ownerOfApp", + "frIndexedString1", + "frIndexedString2", + "frIndexedString3", + "frIndexedString4", + "frIndexedString5", + "frUnindexedString1", + "frUnindexedString2", + "frUnindexedString3", + "frUnindexedString4", + "frUnindexedString5", + "frIndexedMultivalued1", + "frIndexedMultivalued2", + "frIndexedMultivalued3", + "frIndexedMultivalued4", + "frIndexedMultivalued5", + "frUnindexedMultivalued1", + "frUnindexedMultivalued2", + "frUnindexedMultivalued3", + "frUnindexedMultivalued4", + "frUnindexedMultivalued5", + "frIndexedDate1", + "frIndexedDate2", + "frIndexedDate3", + "frIndexedDate4", + "frIndexedDate5", + "frUnindexedDate1", + "frUnindexedDate2", + "frUnindexedDate3", + "frUnindexedDate4", + "frUnindexedDate5", + "frIndexedInteger1", + "frIndexedInteger2", + "frIndexedInteger3", + "frIndexedInteger4", + "frIndexedInteger5", + "frUnindexedInteger1", + "frUnindexedInteger2", + "frUnindexedInteger3", + "frUnindexedInteger4", + "frUnindexedInteger5", + "assignedDashboard", + ], "properties": { - "__PASSWORD__": { - "displayName": "Password", - "order": 17, - "userSpecific": true, - }, - "__roles__": { - "displayName": "Roles", - "nonAccountObject": "directoryRole", - "order": 3, - "userSpecific": true, - }, - "__servicePlanIds__": { - "displayName": "Service Plan Ids", - "nonAccountObject": "servicePlan", - "order": 27, - "userSpecific": true, - }, - "accountEnabled": { - "displayName": "Account Enabled", - "order": 0, - "userSpecific": true, - }, - "city": { - "displayName": "City", - "order": 5, - "userSpecific": true, - }, - "companyName": { - "displayName": "Company Name", - "order": 4, - "userSpecific": true, - }, - "country": { - "displayName": "Country", - "order": 6, - "userSpecific": true, + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, }, - "department": { - "displayName": "Department", - "order": 7, - "userSpecific": true, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, }, - "displayName": { - "displayName": "Display Name", - "order": 8, - "userSpecific": true, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true, }, - "givenName": { - "displayName": "Given Name", - "order": 9, - "userSpecific": true, + "aliasList": { + "description": "List of identity aliases used primarily to record social IdP subjects for this user", + "isVirtual": false, + "items": { + "title": "User Alias Names Items", + "type": "string", + }, + "returnByDefault": false, + "searchable": false, + "title": "User Alias Names List", + "type": "array", + "userEditable": true, + "viewable": false, }, - "jobTitle": { - "displayName": "Job Title", - "order": 11, - "userSpecific": true, + "applications": { + "description": "Applications", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": false, }, - "mail": { - "displayName": "Mail", - "isDisplay": true, - "isMail": true, - "order": 1, - "userSpecific": true, + "assignedDashboard": { + "description": "List of items to click on for this user", + "isVirtual": true, + "items": { + "title": "Assigned Dashboard Items", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "searchable": false, + "title": "Assigned Dashboard", + "type": "array", + "userEditable": false, + "viewable": true, }, - "mailNickname": { - "displayName": "Mail Nickname", - "order": 12, - "userSpecific": true, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/alpha_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, }, - "manager": { - "displayName": "Manager", - "order": 13, - "userSpecific": true, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Authorization Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, }, - "memberOf": { - "displayName": "Member Of", - "nonAccountObject": "__GROUP__", - "order": 2, - "userSpecific": true, + "city": { + "description": "City", + "isPersonal": false, + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "mobilePhone": { - "displayName": "Mobile Phone", - "order": 14, - "userSpecific": true, + "cn": { + "default": "{{givenName}} {{sn}}", + "description": "Common Name", + "isPersonal": true, + "scope": "private", + "searchable": false, + "title": "Common Name", + "type": "string", + "userEditable": false, + "viewable": false, }, - "onPremisesImmutableId": { - "displayName": "On Premises Immutable Id", - "order": 10, - "userSpecific": true, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "items": { + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mappings Item", + "type": "object", + }, + "title": "Consented Mappings Items", + "type": "array", + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, }, - "onPremisesSecurityIdentifier": { - "displayName": "On Premises Security Identifier", - "order": 15, - "userSpecific": true, + "country": { + "description": "Country", + "isPersonal": false, + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "otherMails": { - "displayName": "Other Mails", - "order": 16, - "userSpecific": true, + "description": { + "description": "Description", + "isPersonal": false, + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "postalCode": { - "displayName": "Postal Code", - "order": 18, - "userSpecific": true, + "effectiveApplications": { + "description": "Effective Applications", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assigned Application Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Applications", + "type": "array", + "viewable": false, }, - "preferredLanguage": { - "displayName": "Preferred Language", - "order": 19, - "userSpecific": true, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "*", + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments", + ], + [ + "assignments", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false, }, - "proxyAddresses": { - "displayName": "Proxy Addresses", - "order": 20, - "userSpecific": true, + "effectiveGroups": { + "description": "Effective Groups", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Groups Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "groups", + ], + }, + "returnByDefault": true, + "title": "Effective Groups", + "type": "array", + "usageDescription": "", + "viewable": false, }, - "state": { - "displayName": "State", - "order": 21, - "userSpecific": true, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles", + ], + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false, }, - "streetAddress": { - "displayName": "Street Address", - "order": 22, - "userSpecific": true, + "frIndexedDate1": { + "description": "Generic Indexed Date 1", + "isPersonal": false, + "title": "Generic Indexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "surname": { - "displayName": "Surname", - "order": 23, - "userSpecific": true, + "frIndexedDate2": { + "description": "Generic Indexed Date 2", + "isPersonal": false, + "title": "Generic Indexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "usageLocation": { - "displayName": "Usage Location", - "order": 24, - "userSpecific": true, + "frIndexedDate3": { + "description": "Generic Indexed Date 3", + "isPersonal": false, + "title": "Generic Indexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "userPrincipalName": { - "displayName": "User Principal Name", - "isUsername": true, - "order": 25, - "userSpecific": true, + "frIndexedDate4": { + "description": "Generic Indexed Date 4", + "isPersonal": false, + "title": "Generic Indexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "userType": { - "displayName": "User Type", - "order": 26, - "userSpecific": true, + "frIndexedDate5": { + "description": "Generic Indexed Date 5", + "isPersonal": false, + "title": "Generic Indexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - }, - }, - "__GROUP__": { - "properties": { - "__NAME__": { - "displayName": "Name", - "order": 2, - "userSpecific": true, + "frIndexedInteger1": { + "description": "Generic Indexed Integer 1", + "isPersonal": false, + "title": "Generic Indexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "description": { - "displayName": "Description", - "order": 4, - "userSpecific": true, + "frIndexedInteger2": { + "description": "Generic Indexed Integer 2", + "isPersonal": false, + "title": "Generic Indexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "displayName": { - "displayName": "Display Name", - "order": 3, - "userSpecific": true, + "frIndexedInteger3": { + "description": "Generic Indexed Integer 3", + "isPersonal": false, + "title": "Generic Indexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "groupTypes": { - "displayName": "Group Types", - "order": 10, - "userSpecific": true, + "frIndexedInteger4": { + "description": "Generic Indexed Integer 4", + "isPersonal": false, + "title": "Generic Indexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "id": { - "displayName": "Id", - "order": 0, - "userSpecific": true, + "frIndexedInteger5": { + "description": "Generic Indexed Integer 5", + "isPersonal": false, + "title": "Generic Indexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "mail": { - "displayName": "Mail", - "order": 5, - "userSpecific": true, + "frIndexedMultivalued1": { + "description": "Generic Indexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "mailEnabled": { - "displayName": "Mail Enabled", - "order": 6, - "userSpecific": true, + "frIndexedMultivalued2": { + "description": "Generic Indexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "onPremisesSecurityIdentifier": { - "displayName": "On Premises Security Identifier", - "order": 7, - "userSpecific": true, + "frIndexedMultivalued3": { + "description": "Generic Indexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "proxyAddresses": { - "displayName": "Proxy Addresses", - "order": 8, - "userSpecific": true, + "frIndexedMultivalued4": { + "description": "Generic Indexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "securityEnabled": { - "displayName": "Security Enabled", - "order": 9, - "userSpecific": true, + "frIndexedMultivalued5": { + "description": "Generic Indexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "type": { - "displayName": "Type", - "order": 1, - "userSpecific": true, + "frIndexedString1": { + "description": "Generic Indexed String 1", + "isPersonal": false, + "title": "Generic Indexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - }, - }, - "directoryRole": { - "properties": { - "description": { - "displayName": "description", - "order": 0, - "userSpecific": true, + "frIndexedString2": { + "description": "Generic Indexed String 2", + "isPersonal": false, + "title": "Generic Indexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "displayName": { - "displayName": "displayName", - "order": 1, - "userSpecific": true, + "frIndexedString3": { + "description": "Generic Indexed String 3", + "isPersonal": false, + "title": "Generic Indexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - }, - }, - "servicePlan": { - "properties": { - "__NAME__": { - "displayName": "__NAME__", - "order": 5, - "userSpecific": true, + "frIndexedString4": { + "description": "Generic Indexed String 4", + "isPersonal": false, + "title": "Generic Indexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "appliesTo": { - "displayName": "appliesTo", - "order": 0, - "userSpecific": true, + "frIndexedString5": { + "description": "Generic Indexed String 5", + "isPersonal": false, + "title": "Generic Indexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "provisioningStatus": { - "displayName": "provisioningStatus", - "order": 2, - "userSpecific": true, + "frUnindexedDate1": { + "description": "Generic Unindexed Date 1", + "isPersonal": false, + "title": "Generic Unindexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "servicePlanId": { - "displayName": "servicePlanId", - "order": 1, - "userSpecific": true, + "frUnindexedDate2": { + "description": "Generic Unindexed Date 2", + "isPersonal": false, + "title": "Generic Unindexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "servicePlanName": { - "displayName": "servicePlanName", - "order": 4, - "userSpecific": true, + "frUnindexedDate3": { + "description": "Generic Unindexed Date 3", + "isPersonal": false, + "title": "Generic Unindexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - "subscriberSkuId": { - "displayName": "subscriberSkuId", - "order": 3, - "userSpecific": true, + "frUnindexedDate4": { + "description": "Generic Unindexed Date 4", + "isPersonal": false, + "title": "Generic Unindexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, }, - }, - }, - }, - }, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/application/Google.application.json 1`] = ` -{ - "managedApplication": { - "2e4663b7-aed2-4521-8819-d379449d91b0": { - "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", - "description": "Link to Google", - "name": "Google", - "ssoEntities": {}, - "templateName": "bookmark", - "templateVersion": "1.0", - "url": "https://www.google.com/", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/application/testLDAP.application.json 1`] = ` -{ - "managedApplication": { - "e124e6f6-e25a-4180-a6c3-ff8b782a422c": { - "_id": "e124e6f6-e25a-4180-a6c3-ff8b782a422c", - "authoritative": true, - "description": "desc", - "icon": "", - "name": "testLDAP", - "templateName": "ldap", - "templateVersion": "2.1", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/authentication/root-alpha.authentication.settings.json 1`] = ` -{ - "authentication": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Core", - }, - "accountlockout": { - "lockoutDuration": 0, - "lockoutDurationMultiplier": 1, - "lockoutWarnUserCount": 0, - "loginFailureCount": 5, - "loginFailureDuration": 300, - "loginFailureLockoutMode": false, - "storeInvalidAttemptsInDataStore": true, - }, - "core": { - "adminAuthModule": "Login", - "orgConfig": "Login", - }, - "general": { - "defaultAuthLevel": 0, - "externalLoginPageUrl": "https://volker-demo.encore.forgerock.com/demo/webapp/en/home/redirect", - "identityType": [ - "agent", - "user", - ], - "locale": "en_US", - "statelessSessionsEnabled": false, - "twoFactorRequired": false, - "userStatusCallbackPlugins": [], - }, - "postauthprocess": { - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [ - "/enduser/?realm=/alpha", - ], - "userAttributeSessionMapping": [], - "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", - "usernameGeneratorEnabled": true, - }, - "security": { - "addClearSiteDataHeader": true, - "keyAlias": "test", - "moduleBasedAuthEnabled": false, - "sharedSecret": { - "$string": "&{am.authentication.shared.secret}", - }, - "zeroPageLoginAllowedWithoutReferrer": true, - "zeroPageLoginEnabled": false, - "zeroPageLoginReferrerWhiteList": [], - }, - "trees": { - "authenticationSessionsMaxDuration": 5, - "authenticationSessionsStateManagement": "JWT", - "authenticationSessionsWhitelist": false, - "authenticationTreeCookieHttpOnly": true, - "suspendedAuthenticationTimeout": 1440, - }, - "userprofile": { - "aliasAttributeName": [ - "uid", - ], - "defaultRole": [], - "dynamicProfileCreation": "false", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/cot/2f04818d-561e-4f8a-82e8-af2426112138.cot.saml.json 1`] = ` -{ - "meta": Any, - "saml": { - "cot": { - "2f04818d-561e-4f8a-82e8-af2426112138": { - "_id": "2f04818d-561e-4f8a-82e8-af2426112138", - "_type": { - "_id": "circlesoftrust", - "collection": true, - "name": "Circle of Trust", - }, - "status": "active", - "trustedProviders": [ - "benefits-IDP|saml2", - "iSPAzure|saml2", - ], - }, - }, - "hosted": {}, - "metadata": {}, - "remote": {}, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/cot/AzureCOT.cot.saml.json 1`] = ` -{ - "meta": Any, - "saml": { - "cot": { - "AzureCOT": { - "_id": "AzureCOT", - "_type": { - "_id": "circlesoftrust", - "collection": true, - "name": "Circle of Trust", - }, - "status": "active", - "trustedProviders": [ - "iSPAzure|saml2", - "urn:federation:MicrosoftOnline|saml2", - "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/|saml2", - "SPAzure|saml2", - "https://idc.scheuber.io/am/saml2/IDPAzure|saml2", - ], - }, - }, - "hosted": {}, - "metadata": {}, - "remote": {}, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/cot/affiliation-test.cot.saml.json 1`] = ` -{ - "meta": Any, - "saml": { - "cot": { - "affiliation-test": { - "_id": "affiliation-test", - "_type": { - "_id": "circlesoftrust", - "collection": true, - "name": "Circle of Trust", - }, - "status": "active", - "trustedProviders": [], - }, - }, - "hosted": {}, - "metadata": {}, - "remote": {}, - }, -} -`; - -exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/idp/adfs.idp.json 1`] = ` -{ - "idp": { - "adfs": { - "_id": "adfs", - "_type": { - "_id": "oidcConfig", - "collection": true, - "name": "Client configuration for providers that implement the OpenID Connect specification.", - }, - "acrValues": [], - "authenticationIdKey": "sub", - "authorizationEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/authorize", - "clientAuthenticationMethod": "CLIENT_SECRET_POST", - "clientId": "aa9a179e-cdba-4db8-8477-3d1069d5ec04", - "enableNativeNonce": true, - "enabled": true, - "encryptJwtRequestParameter": false, - "encryptedIdTokens": false, - "issuer": "https://adfs.mytestrun.com/adfs", - "issuerComparisonCheckType": "EXACT", - "jwksUriEndpoint": "https://adfs.mytestrun.com/adfs/discovery/keys", - "jwtEncryptionAlgorithm": "NONE", - "jwtEncryptionMethod": "NONE", - "jwtRequestParameterOption": "NONE", - "jwtSigningAlgorithm": "RS256", - "pkceMethod": "S256", - "privateKeyJwtExpTime": 600, - "redirectURI": "https://idc.scheuber.io/login", - "responseMode": "DEFAULT", - "revocationCheckOptions": [], - "scopeDelimiter": " ", - "scopes": [ - "openid", - "profile", - "email", - ], - "tokenEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/token", - "transform": "dbe0bf9a-72aa-49d5-8483-9db147985a47", - "uiConfig": { - "buttonClass": "", - "buttonCustomStyle": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", - "buttonCustomStyleHover": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", - "buttonDisplayName": "Microsoft ADFS", - "buttonImage": "/login/images/microsoft-logo.png", - "iconBackground": "#0078d7", - "iconClass": "fa-windows", + "frUnindexedDate5": { + "description": "Generic Unindexed Date 5", + "isPersonal": false, + "title": "Generic Unindexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger1": { + "description": "Generic Unindexed Integer 1", + "isPersonal": false, + "title": "Generic Unindexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger2": { + "description": "Generic Unindexed Integer 2", + "isPersonal": false, + "title": "Generic Unindexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger3": { + "description": "Generic Unindexed Integer 3", + "isPersonal": false, + "title": "Generic Unindexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger4": { + "description": "Generic Unindexed Integer 4", + "isPersonal": false, + "title": "Generic Unindexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger5": { + "description": "Generic Unindexed Integer 5", + "isPersonal": false, + "title": "Generic Unindexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued1": { + "description": "Generic Unindexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued2": { + "description": "Generic Unindexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued3": { + "description": "Generic Unindexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued4": { + "description": "Generic Unindexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued5": { + "description": "Generic Unindexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString1": { + "description": "Generic Unindexed String 1", + "isPersonal": false, + "title": "Generic Unindexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString2": { + "description": "Generic Unindexed String 2", + "isPersonal": false, + "title": "Generic Unindexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString3": { + "description": "Generic Unindexed String 3", + "isPersonal": false, + "title": "Generic Unindexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString4": { + "description": "Generic Unindexed String 4", + "isPersonal": false, + "title": "Generic Unindexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString5": { + "description": "Generic Unindexed String 5", + "isPersonal": false, + "title": "Generic Unindexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "groups": { + "description": "Groups", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Group", + "path": "managed/alpha_group", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": false, + "returnByDefault": false, + "title": "Groups", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId", + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string", + }, + "customQuestion": { + "description": "Custom question", + "type": "string", + }, + "questionId": { + "description": "Question ID", + "type": "string", + }, + }, + "required": [], + "title": "KBA Info Items", + "type": "object", + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp", + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "title": "Effective Assignments", + "type": "array", + }, + "timestamp": { + "description": "Timestamp", + "type": "string", + }, + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format", + }, + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Manager _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "memberOfOrg", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "ownerOfApp": { + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Applications I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "password": { + "description": "Password", + "isPersonal": false, + "isProtected": true, + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing", + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean", + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean", + }, + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "profileImage": { + "description": "Profile Image", + "isPersonal": true, + "searchable": true, + "title": "Profile Image", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Direct Reports Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/alpha_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "userName": { + "description": "Username", + "isPersonal": true, + "minLength": 1, + "policies": [ + { + "policyId": "valid-username", + }, + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "userName", + "givenName", + "sn", + "mail", + ], + "title": "Alpha realm - User", + "type": "object", + "viewable": true, + }, + }, + { + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync", + }, + "meta": { + "property": "_meta", + "resourceCollection": "managed/bravo_usermeta", + "trackedProperties": [ + "createDate", + "lastChanged", + ], + }, + "name": "bravo_user", + "notifications": {}, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "cn", + "sn", + "mail", + "profileImage", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "groups", + "applications", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "effectiveGroups", + "effectiveApplications", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "ownerOfApp", + "frIndexedString1", + "frIndexedString2", + "frIndexedString3", + "frIndexedString4", + "frIndexedString5", + "frUnindexedString1", + "frUnindexedString2", + "frUnindexedString3", + "frUnindexedString4", + "frUnindexedString5", + "frIndexedMultivalued1", + "frIndexedMultivalued2", + "frIndexedMultivalued3", + "frIndexedMultivalued4", + "frIndexedMultivalued5", + "frUnindexedMultivalued1", + "frUnindexedMultivalued2", + "frUnindexedMultivalued3", + "frUnindexedMultivalued4", + "frUnindexedMultivalued5", + "frIndexedDate1", + "frIndexedDate2", + "frIndexedDate3", + "frIndexedDate4", + "frIndexedDate5", + "frUnindexedDate1", + "frUnindexedDate2", + "frUnindexedDate3", + "frUnindexedDate4", + "frUnindexedDate5", + "frIndexedInteger1", + "frIndexedInteger2", + "frIndexedInteger3", + "frIndexedInteger4", + "frIndexedInteger5", + "frUnindexedInteger1", + "frUnindexedInteger2", + "frUnindexedInteger3", + "frUnindexedInteger4", + "frUnindexedInteger5", + "assignedDashboard", + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "aliasList": { + "description": "List of identity aliases used primarily to record social IdP subjects for this user", + "isVirtual": false, + "items": { + "title": "User Alias Names Items", + "type": "string", + }, + "returnByDefault": false, + "searchable": false, + "title": "User Alias Names List", + "type": "array", + "userEditable": true, + "viewable": false, + }, + "applications": { + "description": "Applications", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "assignedDashboard": { + "description": "List of items to click on for this user", + "isVirtual": true, + "items": { + "title": "Assigned Dashboard Items", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "searchable": false, + "title": "Assigned Dashboard", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/bravo_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Authorization Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "city": { + "description": "City", + "isPersonal": false, + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "cn": { + "default": "{{givenName}} {{sn}}", + "description": "Common Name", + "isPersonal": true, + "scope": "private", + "searchable": false, + "title": "Common Name", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "items": { + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mappings Item", + "type": "object", + }, + "title": "Consented Mappings Items", + "type": "array", + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "country": { + "description": "Country", + "isPersonal": false, + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "description": { + "description": "Description", + "isPersonal": false, + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "effectiveApplications": { + "description": "Effective Applications", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assigned Application Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "name", + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications", + ], + [ + "applications", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Applications", + "type": "array", + "viewable": false, + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "*", + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments", + ], + [ + "assignments", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveGroups": { + "description": "Effective Groups", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Groups Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "groups", + ], + }, + "returnByDefault": true, + "title": "Effective Groups", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles", + ], + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "frIndexedDate1": { + "description": "Generic Indexed Date 1", + "isPersonal": false, + "title": "Generic Indexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate2": { + "description": "Generic Indexed Date 2", + "isPersonal": false, + "title": "Generic Indexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate3": { + "description": "Generic Indexed Date 3", + "isPersonal": false, + "title": "Generic Indexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate4": { + "description": "Generic Indexed Date 4", + "isPersonal": false, + "title": "Generic Indexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedDate5": { + "description": "Generic Indexed Date 5", + "isPersonal": false, + "title": "Generic Indexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger1": { + "description": "Generic Indexed Integer 1", + "isPersonal": false, + "title": "Generic Indexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger2": { + "description": "Generic Indexed Integer 2", + "isPersonal": false, + "title": "Generic Indexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger3": { + "description": "Generic Indexed Integer 3", + "isPersonal": false, + "title": "Generic Indexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger4": { + "description": "Generic Indexed Integer 4", + "isPersonal": false, + "title": "Generic Indexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedInteger5": { + "description": "Generic Indexed Integer 5", + "isPersonal": false, + "title": "Generic Indexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued1": { + "description": "Generic Indexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued2": { + "description": "Generic Indexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued3": { + "description": "Generic Indexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued4": { + "description": "Generic Indexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedMultivalued5": { + "description": "Generic Indexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Indexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString1": { + "description": "Generic Indexed String 1", + "isPersonal": false, + "title": "Generic Indexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString2": { + "description": "Generic Indexed String 2", + "isPersonal": false, + "title": "Generic Indexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString3": { + "description": "Generic Indexed String 3", + "isPersonal": false, + "title": "Generic Indexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString4": { + "description": "Generic Indexed String 4", + "isPersonal": false, + "title": "Generic Indexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frIndexedString5": { + "description": "Generic Indexed String 5", + "isPersonal": false, + "title": "Generic Indexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate1": { + "description": "Generic Unindexed Date 1", + "isPersonal": false, + "title": "Generic Unindexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate2": { + "description": "Generic Unindexed Date 2", + "isPersonal": false, + "title": "Generic Unindexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate3": { + "description": "Generic Unindexed Date 3", + "isPersonal": false, + "title": "Generic Unindexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate4": { + "description": "Generic Unindexed Date 4", + "isPersonal": false, + "title": "Generic Unindexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedDate5": { + "description": "Generic Unindexed Date 5", + "isPersonal": false, + "title": "Generic Unindexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger1": { + "description": "Generic Unindexed Integer 1", + "isPersonal": false, + "title": "Generic Unindexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger2": { + "description": "Generic Unindexed Integer 2", + "isPersonal": false, + "title": "Generic Unindexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger3": { + "description": "Generic Unindexed Integer 3", + "isPersonal": false, + "title": "Generic Unindexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger4": { + "description": "Generic Unindexed Integer 4", + "isPersonal": false, + "title": "Generic Unindexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedInteger5": { + "description": "Generic Unindexed Integer 5", + "isPersonal": false, + "title": "Generic Unindexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued1": { + "description": "Generic Unindexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued2": { + "description": "Generic Unindexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued3": { + "description": "Generic Unindexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued4": { + "description": "Generic Unindexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedMultivalued5": { + "description": "Generic Unindexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string", + }, + "title": "Generic Unindexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString1": { + "description": "Generic Unindexed String 1", + "isPersonal": false, + "title": "Generic Unindexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString2": { + "description": "Generic Unindexed String 2", + "isPersonal": false, + "title": "Generic Unindexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString3": { + "description": "Generic Unindexed String 3", + "isPersonal": false, + "title": "Generic Unindexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString4": { + "description": "Generic Unindexed String 4", + "isPersonal": false, + "title": "Generic Unindexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "frUnindexedString5": { + "description": "Generic Unindexed String 5", + "isPersonal": false, + "title": "Generic Unindexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "groups": { + "description": "Groups", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Groups Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Group", + "path": "managed/bravo_group", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": false, + "returnByDefault": false, + "title": "Groups", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId", + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string", + }, + "customQuestion": { + "description": "Custom question", + "type": "string", + }, + "questionId": { + "description": "Question ID", + "type": "string", + }, + }, + "required": [], + "title": "KBA Info Items", + "type": "object", + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp", + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "title": "Effective Assignments", + "type": "array", + }, + "timestamp": { + "description": "Timestamp", + "type": "string", + }, + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format", + }, + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Manager _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "memberOfOrg", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "ownerOfApp": { + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [ + "name", + ], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Applications I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "password": { + "description": "Password", + "isPersonal": false, + "isProtected": true, + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing", + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean", + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean", + }, + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "profileImage": { + "description": "Profile Image", + "isPersonal": true, + "searchable": true, + "title": "Profile Image", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Direct Reports Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/bravo_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "userName": { + "description": "Username", + "isPersonal": true, + "minLength": 1, + "policies": [ + { + "policyId": "valid-username", + }, + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "userName", + "givenName", + "sn", + "mail", + ], + "title": "Bravo realm - User", + "type": "object", + "viewable": true, + }, + }, + { + "name": "alpha_role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square-o", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "applications", + "condition", + "temporalConstraints", + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "applications": { + "description": "Role Applications", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Application Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Application Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "viewable": false, + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Assignments Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/alpha_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration", + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string", + }, + }, + "required": [ + "duration", + ], + "title": "Temporal Constraints Items", + "type": "object", + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Role", + "type": "object", + }, + }, + { + "name": "bravo_role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square-o", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "applications", + "condition", + "temporalConstraints", + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "applications": { + "description": "Role Applications", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Application Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Application Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "viewable": false, + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Assignments Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/bravo_assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration", + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string", + }, + }, + "required": [ + "duration", + ], + "title": "Temporal Constraints Items", + "type": "object", + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Role", + "type": "object", + }, + }, + { + "attributeEncryption": {}, + "name": "alpha_assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "type", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", + }, + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object", + }, + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string", + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true, + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Assignment Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/alpha_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "type": { + "description": "The type of object this assignment represents", + "title": "Type", + "type": "string", + "viewable": true, + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Alpha realm - Assignment", + "type": "object", + }, + }, + { + "attributeEncryption": {}, + "name": "bravo_assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "type", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", + }, + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object", + }, + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string", + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true, + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Assignment Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/bravo_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "type": { + "description": "The type of object this assignment represents", + "title": "Type", + "type": "string", + "viewable": true, + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Bravo realm - Assignment", + "type": "object", + }, + }, + { + "name": "alpha_organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "admins", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members", + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Organization", + "type": "object", + }, + }, + { + "name": "bravo_organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "admins", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members", + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Organization", + "type": "object", + }, + }, + { + "name": "alpha_group", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-group", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", + "mat-icon": "group", + "order": [ + "_id", + "name", + "description", + "condition", + "members", + ], + "properties": { + "_id": { + "description": "Group ID", + "isPersonal": false, + "policies": [ + { + "params": { + "propertyName": "name", + }, + "policyId": "id-must-equal-property", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "condition": { + "description": "A filter for conditionally assigned members", + "isConditional": true, + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "Group Description", + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": false, + "viewable": true, + }, + "members": { + "description": "Group Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "groups", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Group Name", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Group", + "viewable": true, + }, + }, + { + "name": "bravo_group", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-group", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", + "mat-icon": "group", + "order": [ + "_id", + "name", + "description", + "condition", + "members", + ], + "properties": { + "_id": { + "description": "Group ID", + "isPersonal": false, + "policies": [ + { + "params": { + "propertyName": "name", + }, + "policyId": "id-must-equal-property", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "condition": { + "description": "A filter for conditionally assigned members", + "isConditional": true, + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "Group Description", + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": false, + "viewable": true, + }, + "members": { + "description": "Group Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "groups", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Group Name", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Group", + "viewable": true, + }, + }, + { + "name": "alpha_application", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "Application Object", + "icon": "fa-folder", + "order": [ + "name", + "description", + "url", + "icon", + "mappingNames", + "owners", + "roles", + "members", + ], + "properties": { + "_id": { + "description": "Application ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "userEditable": false, + "viewable": false, + }, + "authoritative": { + "description": "Is this an authoritative application", + "searchable": false, + "title": "Authoritative", + "type": "boolean", + "viewable": false, + }, + "connectorId": { + "description": "Id of the connector associated with the application", + "searchable": false, + "title": "Connector ID", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "description": { + "description": "Application Description", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "icon": { + "searchable": true, + "title": "Icon", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mappingNames": { + "description": "Names of the sync mappings used by an application with provisioning configured.", + "items": { + "title": "Mapping Name Items", + "type": "string", + }, + "searchable": true, + "title": "Sync Mapping Names", + "type": "array", + "viewable": true, + }, + "members": { + "description": "Application Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Application name", + "notifyRelationships": [ + "roles", + "members", + ], + "policies": [ + { + "policyId": "unique", + }, + ], + "returnByDefault": true, + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "owners": { + "description": "Application Owners", + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Application _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "ownerOfApp", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Owners", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Roles granting users the application", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/alpha_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ssoEntities": { + "description": "SSO Entity Id", + "properties": { + "idpLocation": { + "type": "string", + }, + "idpPrivateId": { + "type": "string", + }, + "spLocation": { + "type": "string", + }, + "spPrivate": { + "type": "string", + }, + }, + "searchable": false, + "title": "SSO Entity Id", + "type": "object", + "userEditable": false, + "viewable": false, + }, + "templateName": { + "description": "Name of the template the application was created from", + "searchable": false, + "title": "Template Name", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "templateVersion": { + "description": "The template version", + "searchable": false, + "title": "Template Version", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "uiConfig": { + "description": "UI Config", + "isPersonal": false, + "properties": {}, + "searchable": false, + "title": "UI Config", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "url": { + "searchable": true, + "title": "Url", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Alpha realm - Application", + "type": "object", + }, + }, + { + "name": "bravo_application", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "Application Object", + "icon": "fa-folder", + "order": [ + "name", + "description", + "url", + "icon", + "mappingNames", + "owners", + "roles", + "members", + ], + "properties": { + "_id": { + "description": "Application ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "userEditable": false, + "viewable": false, + }, + "authoritative": { + "description": "Is this an authoritative application", + "searchable": false, + "title": "Authoritative", + "type": "boolean", + "viewable": false, + }, + "connectorId": { + "description": "Id of the connector associated with the application", + "searchable": false, + "title": "Connector ID", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "description": { + "description": "Application Description", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "icon": { + "searchable": true, + "title": "Icon", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mappingNames": { + "description": "Names of the sync mappings used by an application with provisioning configured.", + "items": { + "title": "Mapping Name Items", + "type": "string", + }, + "searchable": true, + "title": "Sync Mapping Names", + "type": "array", + "viewable": true, + }, + "members": { + "description": "Application Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Group Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "description": "Application name", + "notifyRelationships": [ + "roles", + "members", + ], + "policies": [ + { + "policyId": "unique", + }, + ], + "returnByDefault": true, + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "owners": { + "description": "Application Owners", + "items": { + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Application _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "ownerOfApp", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Owners", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Roles granting users the application", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/bravo_role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "ssoEntities": { + "description": "SSO Entity Id", + "properties": { + "idpLocation": { + "type": "string", + }, + "idpPrivateId": { + "type": "string", + }, + "spLocation": { + "type": "string", + }, + "spPrivate": { + "type": "string", + }, + }, + "searchable": false, + "title": "SSO Entity Id", + "type": "object", + "userEditable": false, + "viewable": false, + }, + "templateName": { + "description": "Name of the template the application was created from", + "searchable": false, + "title": "Template Name", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "templateVersion": { + "description": "The template version", + "searchable": false, + "title": "Template Version", + "type": "string", + "userEditable": false, + "viewable": false, + }, + "uiConfig": { + "description": "UI Config", + "isPersonal": false, + "properties": {}, + "searchable": false, + "title": "UI Config", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "url": { + "searchable": true, + "title": "Url", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "name", + ], + "title": "Bravo realm - Application", + "type": "object", + }, + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/policy.idm.json 1`] = ` +{ + "idm": { + "policy": { + "_id": "policy", + "additionalFiles": [], + "resources": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privilegeAssignments.idm.json 1`] = ` +{ + "idm": { + "privilegeAssignments": { + "_id": "privilegeAssignments", + "privilegeAssignments": [ + { + "name": "ownerPrivileges", + "privileges": [ + "owner-view-update-delete-orgs", + "owner-create-orgs", + "owner-view-update-delete-admins-and-members", + "owner-create-admins", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "ownerOfOrg", + }, + { + "name": "adminPrivileges", + "privileges": [ + "admin-view-update-delete-orgs", + "admin-create-orgs", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "adminOfOrg", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/privileges.idm.json 1`] = ` +{ + "idm": { + "privileges": { + "_id": "privileges", + "privileges": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openic/GoogleApps.idm.json 1`] = ` +{ + "idm": { + "provisioner.openic/GoogleApps": { + "_id": "provisioner.openic/GoogleApps", + "configurationProperties": { + "availableLicenses": [ + "101005/1010050001", + "101001/1010010001", + "101031/1010310010", + "101034/1010340002", + "101038/1010380002", + "101034/1010340001", + "101038/1010380003", + "101034/1010340004", + "101034/1010340003", + "101034/1010340006", + "Google-Apps/Google-Apps-For-Business", + "101034/1010340005", + "Google-Vault/Google-Vault", + "Google-Apps/1010020031", + "Google-Apps/1010020030", + "Google-Apps/1010060003", + "Google-Apps/1010060005", + "Google-Apps/Google-Apps-Unlimited", + "Google-Apps/1010020029", + "Google-Apps/Google-Apps-Lite", + "101031/1010310003", + "101033/1010330002", + "101033/1010330004", + "Google-Apps/Google-Apps-For-Education", + "101031/1010310002", + "101033/1010330003", + "Google-Apps/1010020026", + "101031/1010310007", + "Google-Apps/1010020025", + "101031/1010310008", + "Google-Apps/1010020028", + "Google-Apps/Google-Apps-For-Postini", + "101031/1010310005", + "Google-Apps/1010020027", + "101031/1010310006", + "101031/1010310009", + "Google-Vault/Google-Vault-Former-Employee", + "101038/1010370001", + "Google-Apps/1010020020", + "Google-Apps/1010060001", + ], + "clientId": "&{esv.gac.client.id}", + "clientSecret": "&{esv.gac.secret}", + "domain": "&{esv.gac.domain}", + "groupsMaxResults": "200", + "listProductAndSkuMaxResults": "100", + "listProductMaxResults": "100", + "membersMaxResults": "200", + "proxyHost": null, + "proxyPort": 8080, + "refreshToken": "&{esv.gac.refresh}", + "roleAssignmentMaxResults": 100, + "roleMaxResults": 100, + "usersMaxResults": "100", + "validateCertificate": true, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", + "bundleVersion": "[1.5.0.0,1.6.0.0)", + "connectorHostRef": "", + "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", + "displayName": "GoogleApps Connector", + "systemType": "provisioner.openicf", + }, + "enabled": { + "$bool": "&{esv.gac.enable.connector}", + }, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__GROUPS__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__GROUPS__", + "nativeType": "string", + "type": "array", + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string", + }, + "__PHOTO__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PHOTO__", + "nativeType": "JAVA_TYPE_BYTE_ARRAY", + "type": "string", + }, + "__SECONDARY_EMAILS__": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__SECONDARY_EMAILS__", + "nativeType": "object", + "type": "array", + }, + "__UID__": { + "nativeName": "__UID__", + "nativeType": "string", + "required": false, + "type": "string", + }, + "addresses": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "addresses", + "nativeType": "object", + "type": "array", + }, + "agreedToTerms": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "agreedToTerms", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "aliases": { + "flags": [ + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "aliases", + "nativeType": "string", + "type": "array", + }, + "archived": { + "nativeName": "archived", + "nativeType": "boolean", + "type": "boolean", + }, + "changePasswordAtNextLogin": { + "nativeName": "changePasswordAtNextLogin", + "nativeType": "boolean", + "type": "boolean", + }, + "creationTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "creationTime", + "nativeType": "string", + "type": "array", + }, + "customSchemas": { + "nativeName": "customSchemas", + "nativeType": "object", + "type": "object", + }, + "customerId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "customerId", + "nativeType": "string", + "type": "string", + }, + "deletionTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "deletionTime", + "nativeType": "string", + "type": "string", + }, + "externalIds": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "externalIds", + "nativeType": "object", + "type": "array", + }, + "familyName": { + "nativeName": "familyName", + "nativeType": "string", + "type": "string", + }, + "fullName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "fullName", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "hashFunction": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "hashFunction", + "nativeType": "string", + "type": "string", + }, + "ims": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "ims", + "nativeType": "object", + "type": "array", + }, + "includeInGlobalAddressList": { + "nativeName": "includeInGlobalAddressList", + "nativeType": "boolean", + "type": "boolean", + }, + "ipWhitelisted": { + "nativeName": "ipWhitelisted", + "nativeType": "boolean", + "type": "boolean", + }, + "isAdmin": { + "nativeName": "isAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isDelegatedAdmin": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isDelegatedAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isEnforcedIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnforcedIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isEnrolledIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnrolledIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isMailboxSetup": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isMailboxSetup", + "nativeType": "boolean", + "type": "boolean", + }, + "languages": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "languages", + "nativeType": "object", + "type": "array", + }, + "lastLoginTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "lastLoginTime", + "nativeType": "string", + "type": "array", + }, + "nonEditableAliases": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "nonEditableAliases", + "nativeType": "string", + "type": "array", + }, + "orgUnitPath": { + "nativeName": "orgUnitPath", + "nativeType": "string", + "type": "string", + }, + "organizations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "organizations", + "nativeType": "object", + "type": "array", + }, + "phones": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "phones", + "nativeType": "object", + "type": "array", + }, + "primaryEmail": { + "nativeName": "primaryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryEmail": { + "nativeName": "recoveryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryPhone": { + "nativeName": "recoveryPhone", + "nativeType": "string", + "type": "string", + }, + "relations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "relations", + "nativeType": "object", + "type": "array", + }, + "suspended": { + "nativeName": "suspended", + "nativeType": "boolean", + "type": "boolean", + }, + "suspensionReason": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "suspensionReason", + "nativeType": "string", + "type": "string", + }, + "thumbnailPhotoUrl": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "thumbnailPhotoUrl", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf.connectorinfoprovider.idm.json 1`] = ` +{ + "idm": { + "provisioner.openicf.connectorinfoprovider": { + "_id": "provisioner.openicf.connectorinfoprovider", + "connectorsLocation": "connectors", + "remoteConnectorClients": [ + { + "enabled": true, + "name": "rcs1", + "useSSL": true, + }, + ], + "remoteConnectorClientsGroups": [], + "remoteConnectorServers": [], + "remoteConnectorServersGroups": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/Azure.idm.json 1`] = ` +{ + "idm": { + "provisioner.openicf/Azure": { + "_id": "provisioner.openicf/Azure", + "configurationProperties": { + "clientId": "4b07adcc-329c-434c-aa83-49a14bef3c49", + "clientSecret": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "W63amdvzlmynT40WOTl1wPWDc8FUlGWQZK158lmlFTrnhy9PbWZV5YE4v3VeMUDC", + "iv": "KG/YFc8v26QHJzRI3uFhzw==", + "keySize": 16, + "mac": "mA4BzCNS7tuLhosQ+es1Tg==", + "purpose": "idm.config.encryption", + "salt": "vvPwKk0KqOqMjElQgICqEA==", + "stableId": "openidm-sym-default", + }, + }, + }, + "httpProxyHost": null, + "httpProxyPassword": null, + "httpProxyPort": null, + "httpProxyUsername": null, + "licenseCacheExpiryTime": 60, + "performHardDelete": true, + "readRateLimit": null, + "tenant": "711ffa9c-5972-4713-ace3-688c9732614a", + "writeRateLimit": null, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.msgraphapi-connector", + "bundleVersion": "1.5.20.21", + "connectorName": "org.forgerock.openicf.connectors.msgraphapi.MSGraphAPIConnector", + "displayName": "MSGraphAPI Connector", + "systemType": "provisioner.openicf", + }, + "enabled": true, + "objectTypes": { + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__PASSWORD__": { + "autocomplete": "new-password", + "flags": [ + "NOT_UPDATEABLE", + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string", + }, + "__roles__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__roles__", + "nativeType": "string", + "type": "array", + }, + "__servicePlanIds__": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__servicePlanIds__", + "nativeType": "string", + "type": "array", + }, + "accountEnabled": { + "nativeName": "accountEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean", + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "type": "string", + }, + "companyName": { + "nativeName": "companyName", + "nativeType": "string", + "type": "string", + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "type": "string", + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "type": "string", + }, + "jobTitle": { + "nativeName": "jobTitle", + "nativeType": "string", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "required": true, + "type": "string", + }, + "mailNickname": { + "nativeName": "mailNickname", + "nativeType": "string", + "required": true, + "type": "string", + }, + "manager": { + "nativeName": "manager", + "nativeType": "object", + "type": "object", + }, + "memberOf": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array", + }, + "mobilePhone": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "mobilePhone", + "nativeType": "string", + "type": "string", + }, + "onPremisesImmutableId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "onPremisesImmutableId", + "nativeType": "string", + "type": "string", + }, + "onPremisesSecurityIdentifier": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "onPremisesSecurityIdentifier", + "nativeType": "string", + "type": "string", + }, + "otherMails": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "otherMails", + "nativeType": "string", + "type": "array", + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string", + }, + "preferredLanguage": { + "nativeName": "preferredLanguage", + "nativeType": "string", + "type": "string", + }, + "proxyAddresses": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "proxyAddresses", + "nativeType": "string", + "type": "array", + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "type": "string", + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string", + }, + "surname": { + "nativeName": "surname", + "nativeType": "string", + "type": "string", + }, + "usageLocation": { + "nativeName": "usageLocation", + "nativeType": "string", + "type": "string", + }, + "userPrincipalName": { + "nativeName": "userPrincipalName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "userType": { + "nativeName": "userType", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "__GROUP__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "groupTypes": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "groupTypes", + "nativeType": "string", + "type": "string", + }, + "id": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "id", + "type": "string", + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string", + }, + "mailEnabled": { + "nativeName": "mailEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean", + }, + "onPremisesSecurityIdentifier": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "onPremisesSecurityIdentifier", + "nativeType": "string", + "type": "string", + }, + "proxyAddresses": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "proxyAddresses", + "nativeType": "string", + "type": "array", + }, + "securityEnabled": { + "nativeName": "securityEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean", + }, + "type": { + "nativeName": "type", + "required": true, + "type": "string", + }, + }, + "type": "object", + }, + "directoryRole": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "directoryRole", + "nativeType": "directoryRole", + "properties": { + "description": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + "servicePlan": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "servicePlan", + "nativeType": "servicePlan", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "appliesTo": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "appliesTo", + "nativeType": "string", + "type": "string", + }, + "provisioningStatus": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "provisioningStatus", + "nativeType": "string", + "type": "string", + }, + "servicePlanId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "servicePlanId", + "nativeType": "string", + "type": "string", + }, + "servicePlanName": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "servicePlanName", + "nativeType": "string", + "type": "string", + }, + "subscriberSkuId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE", + ], + "nativeName": "subscriberSkuId", + "type": "string", + }, + }, + "type": "object", + }, + "servicePrincipal": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "servicePrincipal", + "nativeType": "servicePrincipal", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "__addAppRoleAssignedTo__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__addAppRoleAssignedTo__", + "nativeType": "object", + "type": "array", + }, + "__addAppRoleAssignments__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__addAppRoleAssignments__", + "nativeType": "object", + "type": "array", + }, + "__removeAppRoleAssignedTo__": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__removeAppRoleAssignedTo__", + "nativeType": "string", + "type": "array", + }, + "__removeAppRoleAssignments__": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__removeAppRoleAssignments__", + "nativeType": "string", + "type": "array", + }, + "accountEnabled": { + "nativeName": "accountEnabled", + "nativeType": "boolean", + "type": "boolean", + }, + "addIns": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "addIns", + "nativeType": "object", + "type": "array", + }, + "alternativeNames": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "alternativeNames", + "nativeType": "string", + "type": "array", + }, + "appDescription": { + "nativeName": "appDescription", + "nativeType": "string", + "type": "string", + }, + "appDisplayName": { + "nativeName": "appDisplayName", + "nativeType": "string", + "type": "string", + }, + "appId": { + "nativeName": "appId", + "nativeType": "string", + "type": "string", + }, + "appOwnerOrganizationId": { + "nativeName": "appOwnerOrganizationId", + "nativeType": "string", + "type": "string", + }, + "appRoleAssignmentRequired": { + "nativeName": "appRoleAssignmentRequired", + "nativeType": "boolean", + "type": "boolean", + }, + "appRoles": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "appRoles", + "nativeType": "object", + "type": "array", + }, + "applicationTemplateId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "applicationTemplateId", + "nativeType": "string", + "type": "string", + }, + "deletedDateTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "deletedDateTime", + "nativeType": "string", + "type": "string", + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string", + }, + "disabledByMicrosoftStatus": { + "nativeName": "disabledByMicrosoftStatus", + "nativeType": "string", + "type": "string", + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "type": "string", + }, + "homepage": { + "nativeName": "homepage", + "nativeType": "string", + "type": "string", + }, + "info": { + "nativeName": "info", + "nativeType": "object", + "type": "object", + }, + "keyCredentials": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "keyCredentials", + "nativeType": "object", + "type": "array", + }, + "loginUrl": { + "nativeName": "loginUrl", + "nativeType": "string", + "type": "string", + }, + "logoutUrl": { + "nativeName": "logoutUrl", + "nativeType": "string", + "type": "string", + }, + "notes": { + "nativeName": "notes", + "nativeType": "string", + "type": "string", + }, + "notificationEmailAddresses": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "notificationEmailAddresses", + "nativeType": "string", + "type": "array", + }, + "oauth2PermissionScopes": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "oauth2PermissionScopes", + "nativeType": "object", + "type": "array", + }, + "passwordCredentials": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "passwordCredentials", + "nativeType": "object", + "type": "array", + }, + "preferredSingleSignOnMode": { + "nativeName": "preferredSingleSignOnMode", + "nativeType": "string", + "type": "string", + }, + "replyUrls": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "replyUrls", + "nativeType": "string", + "type": "array", + }, + "resourceSpecificApplicationPermissions": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "resourceSpecificApplicationPermissions", + "nativeType": "object", + "type": "array", + }, + "samlSingleSignOnSettings": { + "nativeName": "samlSingleSignOnSettings", + "nativeType": "object", + "type": "object", + }, + "servicePrincipalNames": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "servicePrincipalNames", + "nativeType": "string", + "type": "array", + }, + "servicePrincipalType": { + "nativeName": "servicePrincipalType", + "nativeType": "string", + "type": "string", + }, + "signInAudience": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "signInAudience", + "nativeType": "string", + "type": "string", + }, + "tags": { + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "tags", + "nativeType": "string", + "type": "array", + }, + "tokenEncryptionKeyId": { + "nativeName": "tokenEncryptionKeyId", + "nativeType": "string", + "type": "string", + }, + "verifiedPublisher": { + "nativeName": "verifiedPublisher", + "nativeType": "object", + "type": "object", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/provisioner.openicf/GoogleApps.idm.json 1`] = ` +{ + "idm": { + "provisioner.openicf/GoogleApps": { + "_id": "provisioner.openicf/GoogleApps", + "configurationProperties": { + "availableLicenses": [ + "101005/1010050001", + "101001/1010010001", + "101031/1010310010", + "101034/1010340002", + "101038/1010380002", + "101034/1010340001", + "101038/1010380003", + "101034/1010340004", + "101034/1010340003", + "101034/1010340006", + "Google-Apps/Google-Apps-For-Business", + "101034/1010340005", + "Google-Vault/Google-Vault", + "Google-Apps/1010020031", + "Google-Apps/1010020030", + "Google-Apps/1010060003", + "Google-Apps/1010060005", + "Google-Apps/Google-Apps-Unlimited", + "Google-Apps/1010020029", + "Google-Apps/Google-Apps-Lite", + "101031/1010310003", + "101033/1010330002", + "101033/1010330004", + "Google-Apps/Google-Apps-For-Education", + "101031/1010310002", + "101033/1010330003", + "Google-Apps/1010020026", + "101031/1010310007", + "Google-Apps/1010020025", + "101031/1010310008", + "Google-Apps/1010020028", + "Google-Apps/Google-Apps-For-Postini", + "101031/1010310005", + "Google-Apps/1010020027", + "101031/1010310006", + "101031/1010310009", + "Google-Vault/Google-Vault-Former-Employee", + "101038/1010370001", + "Google-Apps/1010020020", + "Google-Apps/1010060001", + ], + "clientId": "&{esv.gac.client.id}", + "clientSecret": "&{esv.gac.secret}", + "domain": "&{esv.gac.domain}", + "groupsMaxResults": "200", + "listProductAndSkuMaxResults": "100", + "listProductMaxResults": "100", + "membersMaxResults": "200", + "proxyHost": null, + "proxyPort": 8080, + "refreshToken": "&{esv.gac.refresh}", + "roleAssignmentMaxResults": 100, + "roleMaxResults": 100, + "usersMaxResults": "100", + "validateCertificate": true, + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", + "bundleVersion": "[1.5.0.0,1.6.0.0)", + "connectorHostRef": "", + "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", + "displayName": "GoogleApps Connector", + "systemType": "provisioner.openicf", + }, + "enabled": { + "$bool": "&{esv.gac.enable.connector}", + }, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__GROUPS__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "__GROUPS__", + "nativeType": "string", + "type": "array", + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string", + }, + "__PASSWORD__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string", + }, + "__PHOTO__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "__PHOTO__", + "nativeType": "JAVA_TYPE_BYTE_ARRAY", + "type": "string", + }, + "__SECONDARY_EMAILS__": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "__SECONDARY_EMAILS__", + "nativeType": "object", + "type": "array", + }, + "__UID__": { + "nativeName": "__UID__", + "nativeType": "string", + "required": false, + "type": "string", + }, + "addresses": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "addresses", + "nativeType": "object", + "type": "array", + }, + "agreedToTerms": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "agreedToTerms", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "aliases": { + "flags": [ + "NOT_CREATABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "aliases", + "nativeType": "string", + "type": "array", + }, + "archived": { + "nativeName": "archived", + "nativeType": "boolean", + "type": "boolean", + }, + "changePasswordAtNextLogin": { + "nativeName": "changePasswordAtNextLogin", + "nativeType": "boolean", + "type": "boolean", + }, + "creationTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "creationTime", + "nativeType": "string", + "type": "array", + }, + "customSchemas": { + "nativeName": "customSchemas", + "nativeType": "object", + "type": "object", + }, + "customerId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "customerId", + "nativeType": "string", + "type": "string", + }, + "deletionTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "deletionTime", + "nativeType": "string", + "type": "string", + }, + "externalIds": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "externalIds", + "nativeType": "object", + "type": "array", + }, + "familyName": { + "nativeName": "familyName", + "nativeType": "string", + "type": "string", + }, + "fullName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "fullName", + "nativeType": "string", + "type": "string", + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "required": true, + "type": "string", + }, + "hashFunction": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT", + ], + "nativeName": "hashFunction", + "nativeType": "string", + "type": "string", + }, + "ims": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "ims", + "nativeType": "object", + "type": "array", + }, + "includeInGlobalAddressList": { + "nativeName": "includeInGlobalAddressList", + "nativeType": "boolean", + "type": "boolean", + }, + "ipWhitelisted": { + "nativeName": "ipWhitelisted", + "nativeType": "boolean", + "type": "boolean", + }, + "isAdmin": { + "nativeName": "isAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isDelegatedAdmin": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isDelegatedAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean", + }, + "isEnforcedIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnforcedIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isEnrolledIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isEnrolledIn2Sv", + "nativeType": "boolean", + "type": "boolean", + }, + "isMailboxSetup": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "isMailboxSetup", + "nativeType": "boolean", + "type": "boolean", + }, + "languages": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "languages", + "nativeType": "object", + "type": "array", + }, + "lastLoginTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "lastLoginTime", + "nativeType": "string", + "type": "array", + }, + "nonEditableAliases": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "items": { + "nativeType": "string", + "type": "string", + }, + "nativeName": "nonEditableAliases", + "nativeType": "string", + "type": "array", + }, + "orgUnitPath": { + "nativeName": "orgUnitPath", + "nativeType": "string", + "type": "string", + }, + "organizations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "organizations", + "nativeType": "object", + "type": "array", + }, + "phones": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "phones", + "nativeType": "object", + "type": "array", + }, + "primaryEmail": { + "nativeName": "primaryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryEmail": { + "nativeName": "recoveryEmail", + "nativeType": "string", + "type": "string", + }, + "recoveryPhone": { + "nativeName": "recoveryPhone", + "nativeType": "string", + "type": "string", + }, + "relations": { + "items": { + "nativeType": "object", + "type": "object", + }, + "nativeName": "relations", + "nativeType": "object", + "type": "array", + }, + "suspended": { + "nativeName": "suspended", + "nativeType": "boolean", + "type": "boolean", + }, + "suspensionReason": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "suspensionReason", + "nativeType": "string", + "type": "string", + }, + "thumbnailPhotoUrl": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + ], + "nativeName": "thumbnailPhotoUrl", + "nativeType": "string", + "type": "string", + }, + }, + "type": "object", + }, + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1, + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1, + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/repo.ds.idm.json 1`] = ` +{ + "idm": { + "repo.ds": { + "_id": "repo.ds", + "commands": { + "delete-mapping-links": { + "_queryFilter": "/linkType eq "\${mapping}"", + "operation": "DELETE", + }, + "delete-target-ids-for-recon": { + "_queryFilter": "/reconId eq "\${reconId}"", + "operation": "DELETE", + }, + }, + "embedded": false, + "ldapConnectionFactories": { + "bind": { + "availabilityCheckIntervalSeconds": 30, + "availabilityCheckTimeoutMilliSeconds": 10000, + "connectionPoolSize": 50, + "connectionSecurity": "none", + "heartBeatIntervalSeconds": 60, + "heartBeatTimeoutMilliSeconds": 10000, + "primaryLdapServers": [ + { + "hostname": "userstore-0.userstore", + "port": 1389, + }, + ], + "secondaryLdapServers": [ + { + "hostname": "userstore-2.userstore", + "port": 1389, + }, + ], + }, + "root": { + "authentication": { + "simple": { + "bindDn": "uid=admin", + "bindPassword": "&{userstore.password}", + }, + }, + "inheritFrom": "bind", + }, + }, + "maxConnectionAttempts": 5, + "queries": { + "explicit": { + "credential-internaluser-query": { + "_queryFilter": "/_id eq "\${username}"", + }, + "credential-query": { + "_queryFilter": "/userName eq "\${username}"", + }, + "for-userName": { + "_queryFilter": "/userName eq "\${uid}"", + }, + "links-for-firstId": { + "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", + }, + "links-for-linkType": { + "_queryFilter": "/linkType eq "\${linkType}"", + }, + "query-all": { + "_queryFilter": "true", + }, + "query-all-ids": { + "_fields": "_id,_rev", + "_queryFilter": "true", + }, + }, + "generic": { + "credential-internaluser-query": { + "_queryFilter": "/_id eq "\${username}"", + }, + "credential-query": { + "_queryFilter": "/userName eq "\${username}"", + }, + "find-relationship-edges": { + "_queryFilter": "((/firstResourceCollection eq "\${firstResourceCollection}" and /firstResourceId eq "\${firstResourceId}" and /firstPropertyName eq "\${firstPropertyName}") and (/secondResourceCollection eq "\${secondResourceCollection}" and /secondResourceId eq "\${secondResourceId}" and /secondPropertyName eq "\${secondPropertyName}")) or ((/firstResourceCollection eq "\${secondResourceCollection}" and /firstResourceId eq "\${secondResourceId}" and /firstPropertyName eq "\${secondPropertyName}") and (/secondResourceCollection eq "\${firstResourceCollection}" and /secondResourceId eq "\${firstResourceId}" and /secondPropertyName eq "\${firstPropertyName}"))", + }, + "find-relationships-for-resource": { + "_queryFilter": "(/firstResourceCollection eq "\${resourceCollection}" and /firstResourceId eq "\${resourceId}" and /firstPropertyName eq "\${propertyName}") or (/secondResourceCollection eq "\${resourceCollection}" and /secondResourceId eq "\${resourceId}" and /secondPropertyName eq "\${propertyName}")", + }, + "for-userName": { + "_queryFilter": "/userName eq "\${uid}"", + }, + "get-by-field-value": { + "_queryFilter": "/\${field} eq "\${value}"", + }, + "get-notifications-for-user": { + "_queryFilter": "/receiverId eq "\${userId}"", + "_sortKeys": "-createDate", + }, + "get-recons": { + "_fields": "reconId,mapping,activitydate", + "_queryFilter": "/entryType eq "summary"", + "_sortKeys": "-activitydate", + }, + "links-for-firstId": { + "_queryFilter": "/linkType eq "\${linkType}" AND /firstId = "\${firstId}"", + }, + "links-for-linkType": { + "_queryFilter": "/linkType eq "\${linkType}"", + }, + "query-all": { + "_queryFilter": "true", + }, + "query-all-ids": { + "_fields": "_id,_rev", + "_queryFilter": "true", + }, + "query-cluster-events": { + "_queryFilter": "/instanceId eq "\${instanceId}"", + }, + "query-cluster-failed-instances": { + "_queryFilter": "/timestamp le \${timestamp} and (/state eq "1" or /state eq "2")", + }, + "query-cluster-instances": { + "_queryFilter": "true", + }, + "query-cluster-running-instances": { + "_queryFilter": "/state eq 1", + }, + }, + }, + "resourceMapping": { + "defaultMapping": { + "dnTemplate": "ou=generic,dc=openidm,dc=example,dc=com", + }, + "explicitMapping": { + "clusteredrecontargetids": { + "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-recon-clusteredTargetIds", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "reconId": { + "ldapAttribute": "fr-idm-recon-id", + "type": "simple", + }, + "targetIds": { + "ldapAttribute": "fr-idm-recon-targetIds", + "type": "json", + }, + }, + }, + "dsconfig/attributeValue": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-attribute-value-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "matchAttribute": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-match-attribute", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, + }, + "dsconfig/characterSet": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-character-set-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "allowUnclassifiedCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-allow-unclassified-characters", + "type": "simple", + }, + "characterSet": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-character-set", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minCharacterSets": { + "ldapAttribute": "ds-cfg-min-character-sets", + "type": "simple", + }, + }, + }, + "dsconfig/dictionary": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-dictionary-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "dictionaryFile": { + "isRequired": true, + "ldapAttribute": "ds-cfg-dictionary-file", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, + }, + "dsconfig/lengthBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-length-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxPasswordLength": { + "ldapAttribute": "ds-cfg-max-password-length", + "type": "simple", + }, + "minPasswordLength": { + "ldapAttribute": "ds-cfg-min-password-length", + "type": "simple", + }, + }, + }, + "dsconfig/passwordPolicies": { + "dnTemplate": "cn=Password Policies,cn=config", + "objectClasses": [ + "ds-cfg-password-policy", + "ds-cfg-authentication-policy", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "allowPreEncodedPasswords": { + "ldapAttribute": "ds-cfg-allow-pre-encoded-passwords", + "type": "simple", + }, + "defaultPasswordStorageScheme": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-default-password-storage-scheme", + "type": "simple", + }, + "deprecatedPasswordStorageScheme": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-deprecated-password-storage-scheme", + "type": "simple", + }, + "maxPasswordAge": { + "ldapAttribute": "ds-cfg-max-password-age", + "type": "simple", + }, + "passwordAttribute": { + "isRequired": true, + "ldapAttribute": "ds-cfg-password-attribute", + "type": "simple", + }, + "passwordHistoryCount": { + "ldapAttribute": "ds-cfg-password-history-count", + "type": "simple", + }, + "validator": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-password-validator", + "type": "simple", + }, + }, + }, + "dsconfig/repeatedCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-repeated-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxConsecutiveLength": { + "isRequired": true, + "ldapAttribute": "ds-cfg-max-consecutive-length", + "type": "simple", + }, + }, + }, + "dsconfig/similarityBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-similarity-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minPasswordDifference": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-password-difference", + "type": "simple", + }, + }, + }, + "dsconfig/uniqueCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-unique-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minUniqueCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-unique-characters", + "type": "simple", + }, + }, + }, + "dsconfig/userDefinedVirtualAttribute": { + "dnTemplate": "cn=Virtual Attributes,cn=config", + "objectClasses": [ + "ds-cfg-user-defined-virtual-attribute", + "ds-cfg-virtual-attribute", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "attributeType": { + "isRequired": true, + "ldapAttribute": "ds-cfg-attribute-type", + "type": "simple", + }, + "baseDn": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-base-dn", + "type": "simple", + }, + "conflictBehavior": { + "ldapAttribute": "ds-cfg-conflict-behavior", + "type": "simple", + }, + "enabled": { + "isRequired": true, + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "filter": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-filter", + "type": "simple", + }, + "groupDn": { + "ldapAttribute": "ds-cfg-group-dn", + "type": "simple", + }, + "javaClass": { + "isRequired": true, + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "scope": { + "ldapAttribute": "ds-cfg-scope", + "type": "simple", + }, + "value": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-value", + "type": "simple", + }, + }, + }, + "identities/admin": { + "dnTemplate": "o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming", + }, + "objectClasses": [ + "organizationalunit", + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple", + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly", + }, + }, + }, + "identities/alpha": { + "dnTemplate": "o=alpha,o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming", + }, + "objectClasses": [ + "organizationalunit", + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple", + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly", + }, + }, + }, + "identities/bravo": { + "dnTemplate": "o=bravo,o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming", + }, + "objectClasses": [ + "organizationalunit", + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple", + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly", + }, + }, + }, + "internal/role": { + "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "fr-idm-internal-role", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "authzMembers": { + "isMultiValued": true, + "propertyName": "authzRoles", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "condition": { + "ldapAttribute": "fr-idm-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "name": { + "ldapAttribute": "fr-idm-name", + "type": "simple", + }, + "privileges": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-privilege", + "type": "json", + }, + "temporalConstraints": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-temporal-constraints", + "type": "json", + }, + }, + }, + "internal/user": { + "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-internal-user", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "password": { + "ldapAttribute": "fr-idm-password", + "type": "json", + }, + }, + }, + "link": { + "dnTemplate": "ou=links,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-link", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "firstId": { + "ldapAttribute": "fr-idm-link-firstId", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-link-qualifier", + "type": "simple", + }, + "linkType": { + "ldapAttribute": "fr-idm-link-type", + "type": "simple", + }, + "secondId": { + "ldapAttribute": "fr-idm-link-secondId", + "type": "simple", + }, + }, + }, + "locks": { + "dnTemplate": "ou=locks,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-lock", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "nodeId": { + "ldapAttribute": "fr-idm-lock-nodeid", + "type": "simple", + }, + }, + }, + "managed/teammember": { + "dnTemplate": "ou=people,o=root,ou=identities", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "fraas-admin", + "iplanet-am-user-service", + "deviceProfilesContainer", + "devicePrintProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple", + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/teammembermeta", + "type": "reference", + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple", + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple", + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple", + }, + "inviteDate": { + "ldapAttribute": "fr-idm-inviteDate", + "type": "simple", + }, + "jurisdiction": { + "ldapAttribute": "fr-idm-jurisdiction", + "type": "simple", + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple", + }, + "onboardDate": { + "ldapAttribute": "fr-idm-onboardDate", + "type": "simple", + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple", + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple", + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple", + }, + }, + }, + "managed/teammembergroup": { + "dnTemplate": "ou=groups,o=root,ou=identities", + "objectClasses": [ + "groupofuniquenames", + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + }, + "members": { + "isMultiValued": true, + "ldapAttribute": "uniqueMember", + "type": "simple", + }, + }, + }, + "recon/assoc": { + "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=example,dc=com", + "namingStrategy": { + "dnAttribute": "fr-idm-reconassoc-reconid", + "type": "clientDnNaming", + }, + "objectClasses": [ + "fr-idm-reconassoc", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "fr-idm-reconassoc-reconid", + "type": "simple", + }, + "finishTime": { + "ldapAttribute": "fr-idm-reconassoc-finishtime", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "subResources": { + "entry": { + "namingStrategy": { + "dnAttribute": "uid", + "type": "clientDnNaming", + }, + "resource": "recon-assoc-entry", + "type": "collection", + }, + }, + }, + "recon/assoc/entry": { + "objectClasses": [ + "uidObject", + "fr-idm-reconassocentry", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + }, + "action": { + "ldapAttribute": "fr-idm-reconassocentry-action", + "type": "simple", + }, + "ambiguousTargetObjectIds": { + "ldapAttribute": "fr-idm-reconassocentry-ambiguoustargetobjectids", + "type": "simple", + }, + "exception": { + "ldapAttribute": "fr-idm-reconassocentry-exception", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-reconassocentry-linkqualifier", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "message": { + "ldapAttribute": "fr-idm-reconassocentry-message", + "type": "simple", + }, + "messageDetail": { + "ldapAttribute": "fr-idm-reconassocentry-messagedetail", + "type": "simple", + }, + "phase": { + "ldapAttribute": "fr-idm-reconassocentry-phase", + "type": "simple", + }, + "reconId": { + "ldapAttribute": "fr-idm-reconassocentry-reconid", + "type": "simple", + }, + "situation": { + "ldapAttribute": "fr-idm-reconassocentry-situation", + "type": "simple", + }, + "sourceObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-sourceObjectId", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "status": { + "ldapAttribute": "fr-idm-reconassocentry-status", + "type": "simple", + }, + "targetObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-targetObjectId", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "resourceName": "recon-assoc-entry", + "subResourceRouting": [ + { + "prefix": "entry", + "template": "recon/assoc/{reconId}/entry", + }, + ], + }, + "sync/queue": { + "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-syncqueue", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "context": { + "ldapAttribute": "fr-idm-syncqueue-context", + "type": "json", + }, + "createDate": { + "ldapAttribute": "fr-idm-syncqueue-createdate", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-syncqueue-mapping", + "type": "simple", + }, + "newObject": { + "ldapAttribute": "fr-idm-syncqueue-newobject", + "type": "json", + }, + "nodeId": { + "ldapAttribute": "fr-idm-syncqueue-nodeid", + "type": "simple", + }, + "objectRev": { + "ldapAttribute": "fr-idm-syncqueue-objectRev", + "type": "simple", + }, + "oldObject": { + "ldapAttribute": "fr-idm-syncqueue-oldobject", + "type": "json", + }, + "remainingRetries": { + "ldapAttribute": "fr-idm-syncqueue-remainingretries", + "type": "simple", + }, + "resourceCollection": { + "ldapAttribute": "fr-idm-syncqueue-resourcecollection", + "type": "simple", + }, + "resourceId": { + "ldapAttribute": "fr-idm-syncqueue-resourceid", + "type": "simple", + }, + "state": { + "ldapAttribute": "fr-idm-syncqueue-state", + "type": "simple", + }, + "syncAction": { + "ldapAttribute": "fr-idm-syncqueue-syncaction", + "type": "simple", + }, + }, + }, + }, + "genericMapping": { + "cluster/*": { + "dnTemplate": "ou=cluster,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-cluster-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", + "objectClasses": [ + "uidObject", + "fr-idm-cluster-obj", + ], + }, + "config": { + "dnTemplate": "ou=config,dc=openidm,dc=example,dc=com", + }, + "file": { + "dnTemplate": "ou=file,dc=openidm,dc=example,dc=com", + }, + "internal/notification": { + "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-notification-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-notification", + ], + "properties": { + "target": { + "propertyName": "_notifications", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "internal/usermeta": { + "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "jsonstorage": { + "dnTemplate": "ou=jsonstorage,dc=openidm,dc=example,dc=com", + }, + "managed/*": { + "dnTemplate": "ou=managed,dc=openidm,dc=example,dc=com", + }, + "managed/alpha_group": { + "dnTemplate": "ou=groups,o=alpha,o=root,ou=identities", + "idGenerator": { + "propertyName": "name", + "type": "property", + }, + "jsonAttribute": "fr-idm-managed-group-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "cn", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "top", + "groupOfURLs", + "fr-idm-managed-group", + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + "writability": "createOnly", + }, + "condition": { + "ldapAttribute": "fr-idm-managed-group-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "members": { + "isMultiValued": true, + "propertyName": "groups", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "managed/alpha_organization": { + "dnTemplate": "ou=organization,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "uid", + "type": "simple", + }, + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/alpha_organization", + "type": "reverseReference", + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple", + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + }, + }, + "managed/alpha_role": { + "dnTemplate": "ou=role,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role", + ], + "properties": { + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "managed/alpha_user": { + "dnTemplate": "ou=user,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-custom-attrs", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "iplanet-am-user-service", + "devicePrintProfilesContainer", + "deviceProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple", + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/alpha_usermeta", + "type": "reference", + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference", + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple", + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + "aliasList": { + "isMultiValued": true, + "ldapAttribute": "iplanet-am-user-alias-list", + "type": "simple", + }, + "assignedDashboard": { + "isMultiValued": true, + "ldapAttribute": "assignedDashboard", + "type": "simple", + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference", + }, + "city": { + "ldapAttribute": "l", + "type": "simple", + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple", + }, + "consentedMappings": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-consentedMapping", + "type": "json", + }, + "country": { + "ldapAttribute": "co", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "displayName": { + "ldapAttribute": "displayName", + "type": "simple", + }, + "effectiveAssignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveAssignment", + "type": "json", + }, + "effectiveGroups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveGroup", + "type": "json", + }, + "effectiveRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveRole", + "type": "json", + }, + "frIndexedDate1": { + "ldapAttribute": "fr-attr-idate1", + "type": "simple", + }, + "frIndexedDate2": { + "ldapAttribute": "fr-attr-idate2", + "type": "simple", + }, + "frIndexedDate3": { + "ldapAttribute": "fr-attr-idate3", + "type": "simple", + }, + "frIndexedDate4": { + "ldapAttribute": "fr-attr-idate4", + "type": "simple", + }, + "frIndexedDate5": { + "ldapAttribute": "fr-attr-idate5", + "type": "simple", + }, + "frIndexedInteger1": { + "ldapAttribute": "fr-attr-iint1", + "type": "simple", + }, + "frIndexedInteger2": { + "ldapAttribute": "fr-attr-iint2", + "type": "simple", + }, + "frIndexedInteger3": { + "ldapAttribute": "fr-attr-iint3", + "type": "simple", + }, + "frIndexedInteger4": { + "ldapAttribute": "fr-attr-iint4", + "type": "simple", + }, + "frIndexedInteger5": { + "ldapAttribute": "fr-attr-iint5", + "type": "simple", + }, + "frIndexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti1", + "type": "simple", + }, + "frIndexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti2", + "type": "simple", + }, + "frIndexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti3", + "type": "simple", + }, + "frIndexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti4", + "type": "simple", + }, + "frIndexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti5", + "type": "simple", + }, + "frIndexedString1": { + "ldapAttribute": "fr-attr-istr1", + "type": "simple", + }, + "frIndexedString2": { + "ldapAttribute": "fr-attr-istr2", + "type": "simple", + }, + "frIndexedString3": { + "ldapAttribute": "fr-attr-istr3", + "type": "simple", + }, + "frIndexedString4": { + "ldapAttribute": "fr-attr-istr4", + "type": "simple", + }, + "frIndexedString5": { + "ldapAttribute": "fr-attr-istr5", + "type": "simple", + }, + "frUnindexedDate1": { + "ldapAttribute": "fr-attr-date1", + "type": "simple", + }, + "frUnindexedDate2": { + "ldapAttribute": "fr-attr-date2", + "type": "simple", + }, + "frUnindexedDate3": { + "ldapAttribute": "fr-attr-date3", + "type": "simple", + }, + "frUnindexedDate4": { + "ldapAttribute": "fr-attr-date4", + "type": "simple", + }, + "frUnindexedDate5": { + "ldapAttribute": "fr-attr-date5", + "type": "simple", + }, + "frUnindexedInteger1": { + "ldapAttribute": "fr-attr-int1", + "type": "simple", + }, + "frUnindexedInteger2": { + "ldapAttribute": "fr-attr-int2", + "type": "simple", + }, + "frUnindexedInteger3": { + "ldapAttribute": "fr-attr-int3", + "type": "simple", + }, + "frUnindexedInteger4": { + "ldapAttribute": "fr-attr-int4", + "type": "simple", + }, + "frUnindexedInteger5": { + "ldapAttribute": "fr-attr-int5", + "type": "simple", + }, + "frUnindexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi1", + "type": "simple", + }, + "frUnindexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi2", + "type": "simple", + }, + "frUnindexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi3", + "type": "simple", + }, + "frUnindexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi4", + "type": "simple", + }, + "frUnindexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi5", + "type": "simple", + }, + "frUnindexedString1": { + "ldapAttribute": "fr-attr-str1", + "type": "simple", + }, + "frUnindexedString2": { + "ldapAttribute": "fr-attr-str2", + "type": "simple", + }, + "frUnindexedString3": { + "ldapAttribute": "fr-attr-str3", + "type": "simple", + }, + "frUnindexedString4": { + "ldapAttribute": "fr-attr-str4", + "type": "simple", + }, + "frUnindexedString5": { + "ldapAttribute": "fr-attr-str5", + "type": "simple", + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple", + }, + "groups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-groups", + "primaryKey": "cn", + "resourcePath": "managed/alpha_group", + "type": "reference", + }, + "kbaInfo": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-kbaInfo", + "type": "json", + }, + "lastSync": { + "ldapAttribute": "fr-idm-lastSync", + "type": "json", + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple", + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/alpha_user", + "type": "reference", + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + "memberOfOrgIDs": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-memberoforgid", + "type": "simple", + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference", + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple", + }, + "postalAddress": { + "ldapAttribute": "street", + "type": "simple", + }, + "postalCode": { + "ldapAttribute": "postalCode", + "type": "simple", + }, + "preferences": { + "ldapAttribute": "fr-idm-preferences", + "type": "json", + }, + "profileImage": { + "ldapAttribute": "labeledURI", + "type": "simple", + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/alpha_role", + "type": "reference", + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple", + }, + "stateProvince": { + "ldapAttribute": "st", + "type": "simple", + }, + "telephoneNumber": { + "ldapAttribute": "telephoneNumber", + "type": "simple", + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple", + }, + }, + }, + "managed/alpha_usermeta": { + "dnTemplate": "ou=usermeta,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/alpha_user", + "type": "reverseReference", + }, + }, + }, + "managed/bravo_group": { + "dnTemplate": "ou=groups,o=bravo,o=root,ou=identities", + "idGenerator": { + "propertyName": "name", + "type": "property", + }, + "jsonAttribute": "fr-idm-managed-group-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "cn", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "top", + "groupOfURLs", + "fr-idm-managed-group", + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + "writability": "createOnly", + }, + "condition": { + "ldapAttribute": "fr-idm-managed-group-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "members": { + "isMultiValued": true, + "propertyName": "groups", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + }, + }, + "managed/bravo_organization": { + "dnTemplate": "ou=organization,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "uid", + "type": "simple", + }, + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/bravo_organization", + "type": "reverseReference", + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple", + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + }, + }, + "managed/bravo_role": { + "dnTemplate": "ou=role,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role", + ], + "properties": { + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + }, + }, + "managed/bravo_user": { + "dnTemplate": "ou=user,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-custom-attrs", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming", + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "iplanet-am-user-service", + "devicePrintProfilesContainer", + "deviceProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + "fr-ext-attrs", + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple", + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/bravo_usermeta", + "type": "reference", + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference", + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple", + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + "aliasList": { + "isMultiValued": true, + "ldapAttribute": "iplanet-am-user-alias-list", + "type": "simple", + }, + "assignedDashboard": { + "isMultiValued": true, + "ldapAttribute": "assignedDashboard", + "type": "simple", + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference", + }, + "city": { + "ldapAttribute": "l", + "type": "simple", + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple", + }, + "consentedMappings": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-consentedMapping", + "type": "json", + }, + "country": { + "ldapAttribute": "co", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "displayName": { + "ldapAttribute": "displayName", + "type": "simple", + }, + "effectiveAssignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveAssignment", + "type": "json", + }, + "effectiveGroups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveGroup", + "type": "json", + }, + "effectiveRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveRole", + "type": "json", + }, + "frIndexedDate1": { + "ldapAttribute": "fr-attr-idate1", + "type": "simple", + }, + "frIndexedDate2": { + "ldapAttribute": "fr-attr-idate2", + "type": "simple", + }, + "frIndexedDate3": { + "ldapAttribute": "fr-attr-idate3", + "type": "simple", + }, + "frIndexedDate4": { + "ldapAttribute": "fr-attr-idate4", + "type": "simple", + }, + "frIndexedDate5": { + "ldapAttribute": "fr-attr-idate5", + "type": "simple", + }, + "frIndexedInteger1": { + "ldapAttribute": "fr-attr-iint1", + "type": "simple", + }, + "frIndexedInteger2": { + "ldapAttribute": "fr-attr-iint2", + "type": "simple", + }, + "frIndexedInteger3": { + "ldapAttribute": "fr-attr-iint3", + "type": "simple", + }, + "frIndexedInteger4": { + "ldapAttribute": "fr-attr-iint4", + "type": "simple", + }, + "frIndexedInteger5": { + "ldapAttribute": "fr-attr-iint5", + "type": "simple", + }, + "frIndexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti1", + "type": "simple", + }, + "frIndexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti2", + "type": "simple", + }, + "frIndexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti3", + "type": "simple", + }, + "frIndexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti4", + "type": "simple", + }, + "frIndexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti5", + "type": "simple", + }, + "frIndexedString1": { + "ldapAttribute": "fr-attr-istr1", + "type": "simple", + }, + "frIndexedString2": { + "ldapAttribute": "fr-attr-istr2", + "type": "simple", + }, + "frIndexedString3": { + "ldapAttribute": "fr-attr-istr3", + "type": "simple", + }, + "frIndexedString4": { + "ldapAttribute": "fr-attr-istr4", + "type": "simple", + }, + "frIndexedString5": { + "ldapAttribute": "fr-attr-istr5", + "type": "simple", + }, + "frUnindexedDate1": { + "ldapAttribute": "fr-attr-date1", + "type": "simple", + }, + "frUnindexedDate2": { + "ldapAttribute": "fr-attr-date2", + "type": "simple", + }, + "frUnindexedDate3": { + "ldapAttribute": "fr-attr-date3", + "type": "simple", + }, + "frUnindexedDate4": { + "ldapAttribute": "fr-attr-date4", + "type": "simple", + }, + "frUnindexedDate5": { + "ldapAttribute": "fr-attr-date5", + "type": "simple", + }, + "frUnindexedInteger1": { + "ldapAttribute": "fr-attr-int1", + "type": "simple", + }, + "frUnindexedInteger2": { + "ldapAttribute": "fr-attr-int2", + "type": "simple", + }, + "frUnindexedInteger3": { + "ldapAttribute": "fr-attr-int3", + "type": "simple", + }, + "frUnindexedInteger4": { + "ldapAttribute": "fr-attr-int4", + "type": "simple", + }, + "frUnindexedInteger5": { + "ldapAttribute": "fr-attr-int5", + "type": "simple", + }, + "frUnindexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi1", + "type": "simple", + }, + "frUnindexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi2", + "type": "simple", + }, + "frUnindexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi3", + "type": "simple", + }, + "frUnindexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi4", + "type": "simple", + }, + "frUnindexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi5", + "type": "simple", + }, + "frUnindexedString1": { + "ldapAttribute": "fr-attr-str1", + "type": "simple", + }, + "frUnindexedString2": { + "ldapAttribute": "fr-attr-str2", + "type": "simple", + }, + "frUnindexedString3": { + "ldapAttribute": "fr-attr-str3", + "type": "simple", + }, + "frUnindexedString4": { + "ldapAttribute": "fr-attr-str4", + "type": "simple", + }, + "frUnindexedString5": { + "ldapAttribute": "fr-attr-str5", + "type": "simple", + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple", + }, + "groups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-groups", + "primaryKey": "cn", + "resourcePath": "managed/bravo_group", + "type": "reference", + }, + "kbaInfo": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-kbaInfo", + "type": "json", + }, + "lastSync": { + "ldapAttribute": "fr-idm-lastSync", + "type": "json", + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple", + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/bravo_user", + "type": "reference", + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + "memberOfOrgIDs": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-memberoforgid", + "type": "simple", + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference", + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple", + }, + "postalAddress": { + "ldapAttribute": "street", + "type": "simple", + }, + "postalCode": { + "ldapAttribute": "postalCode", + "type": "simple", + }, + "preferences": { + "ldapAttribute": "fr-idm-preferences", + "type": "json", + }, + "profileImage": { + "ldapAttribute": "labeledURI", + "type": "simple", + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/bravo_role", + "type": "reference", + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple", + }, + "stateProvince": { + "ldapAttribute": "st", + "type": "simple", + }, + "telephoneNumber": { + "ldapAttribute": "telephoneNumber", + "type": "simple", + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple", + }, + }, + }, + "managed/bravo_usermeta": { + "dnTemplate": "ou=usermeta,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/bravo_user", + "type": "reverseReference", + }, + }, + }, + "managed/teammembermeta": { + "dnTemplate": "ou=teammembermeta,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/teammember", + "type": "reverseReference", + }, + }, + }, + "reconprogressstate": { + "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=example,dc=com", + }, + "relationships": { + "dnTemplate": "ou=relationships,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-relationship-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", + "objectClasses": [ + "uidObject", + "fr-idm-relationship", + ], + }, + "scheduler": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", + }, + "scheduler/*": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com", + }, + "ui/*": { + "dnTemplate": "ou=ui,dc=openidm,dc=example,dc=com", + }, + "updates": { + "dnTemplate": "ou=updates,dc=openidm,dc=example,dc=com", + }, + }, + }, + "rest2LdapOptions": { + "mvccAttribute": "etag", + "readOnUpdatePolicy": "controls", + "returnNullForMissingProperties": true, + "useMvcc": true, + "usePermissiveModify": true, + "useSubtreeDelete": true, + }, + "security": { + "keyManager": "jvm", + "trustManager": "jvm", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/router.idm.json 1`] = ` +{ + "idm": { + "router": { + "_id": "router", + "filters": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/script.idm.json 1`] = ` +{ + "idm": { + "script": { + "ECMAScript": { + "#javascript.debug": "&{openidm.script.javascript.debug}", + "javascript.recompile.minimumInterval": 60000, + }, + "Groovy": { + "#groovy.disabled.global.ast.transformations": "", + "#groovy.errors.tolerance": 10, + "#groovy.output.debug": false, + "#groovy.output.verbose": false, + "#groovy.script.base": "#any class extends groovy.lang.Script", + "#groovy.script.extension": ".groovy", + "#groovy.source.encoding": "utf-8 #default US-ASCII", + "#groovy.target.bytecode": "1.5", + "#groovy.target.indy": true, + "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", + "groovy.classpath": "&{idm.install.dir}/lib", + "groovy.recompile": true, + "groovy.recompile.minimumInterval": 60000, + "groovy.source.encoding": "UTF-8", + "groovy.target.directory": "&{idm.install.dir}/classes", + }, + "_id": "script", + "properties": {}, + "sources": { + "default": { + "directory": "&{idm.install.dir}/bin/defaults/script", + }, + "install": { + "directory": "&{idm.install.dir}", + }, + "project": { + "directory": "&{idm.instance.dir}", + }, + "project-script": { + "directory": "&{idm.instance.dir}/script", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/secrets.idm.json 1`] = ` +{ + "idm": { + "secrets": { + "_id": "secrets", + "populateDefaults": true, + "stores": [ + { + "class": "org.forgerock.openidm.secrets.config.FileBasedStore", + "config": { + "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", + "mappings": [ + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + "openidm-localhost", + ], + "secretId": "idm.default", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.config.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.password.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.https.keystore.cert.alias|openidm-localhost}", + ], + "secretId": "idm.jwt.session.module.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", + ], + "secretId": "idm.jwt.session.module.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "selfservice", + ], + "secretId": "idm.selfservice.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", + ], + "secretId": "idm.selfservice.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.assignment.attribute.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + ], + "providerName": "&{openidm.keystore.provider|SunJCE}", + "storePassword": "&{openidm.keystore.password|changeit}", + "storetype": "&{openidm.keystore.type|JCEKS}", + }, + "name": "mainKeyStore", + }, + { + "class": "org.forgerock.openidm.secrets.config.FileBasedStore", + "config": { + "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", + "mappings": [], + "providerName": "&{openidm.truststore.provider|SUN}", + "storePassword": "&{openidm.truststore.password|changeit}", + "storetype": "&{openidm.truststore.type|JKS}", + }, + "name": "mainTrustStore", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.kba.idm.json 1`] = ` +{ + "idm": { + "selfservice.kba": { + "_id": "selfservice.kba", + "kbaPropertyName": "kbaInfo", + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "questions": { + "1": { + "en": "What's your favorite color?", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/selfservice.terms.idm.json 1`] = ` +{ + "idm": { + "selfservice.terms": { + "_id": "selfservice.terms", + "active": "0.0", + "uiConfig": { + "buttonText": "Accept", + "displayName": "We've updated our terms", + "purpose": "You must accept the updated terms in order to proceed.", + }, + "versions": [ + { + "createDate": "2019-10-28T04:20:11.320Z", + "termsTranslations": { + "en": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.", + }, + "version": "0.0", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/cors.idm.json 1`] = ` +{ + "idm": { + "servletfilter/cors": { + "_id": "servletfilter/cors", + "initParams": { + "allowCredentials": false, + "allowedHeaders": "authorization,accept,content-type,origin,x-requested-with,cache-control,accept-api-version,if-match,if-none-match", + "allowedMethods": "GET,POST,PUT,DELETE,PATCH", + "allowedOrigins": "*", + "chainPreflight": false, + "exposedHeaders": "WWW-Authenticate", + }, + "urlPatterns": [ + "/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/payload.idm.json 1`] = ` +{ + "idm": { + "servletfilter/payload": { + "_id": "servletfilter/payload", + "initParams": { + "maxRequestSizeInMegabytes": 5, + }, + "urlPatterns": [ + "&{openidm.servlet.alias}/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/servletfilter/upload.idm.json 1`] = ` +{ + "idm": { + "servletfilter/upload": { + "_id": "servletfilter/upload", + "initParams": { + "maxRequestSizeInMegabytes": 50, + }, + "urlPatterns": [ + "&{openidm.servlet.upload.alias}/*", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/admin.idm.json 1`] = ` +{ + "idm": { + "ui.context/admin": { + "_id": "ui.context/admin", + "defaultDir": "&{idm.install.dir}/ui/admin/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/admin/extension", + "responseHeaders": { + "X-Frame-Options": "SAMEORIGIN", + }, + "urlContextRoot": "/admin", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/api.idm.json 1`] = ` +{ + "idm": { + "ui.context/api": { + "_id": "ui.context/api", + "authEnabled": true, + "cacheEnabled": false, + "defaultDir": "&{idm.install.dir}/ui/api/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/api/extension", + "urlContextRoot": "/api", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/enduser.idm.json 1`] = ` +{ + "idm": { + "ui.context/enduser": { + "_id": "ui.context/enduser", + "defaultDir": "&{idm.install.dir}/ui/enduser", + "enabled": true, + "responseHeaders": { + "X-Frame-Options": "DENY", + }, + "urlContextRoot": "/", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui.context/oauth.idm.json 1`] = ` +{ + "idm": { + "ui.context/oauth": { + "_id": "ui.context/oauth", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/oauth/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/oauth/extension", + "urlContextRoot": "/oauthReturn", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/configuration.idm.json 1`] = ` +{ + "idm": { + "ui/configuration": { + "_id": "ui/configuration", + "configuration": { + "defaultNotificationType": "info", + "forgotUsername": false, + "lang": "en", + "notificationTypes": { + "error": { + "iconPath": "images/notifications/error.png", + "name": "common.notification.types.error", + }, + "info": { + "iconPath": "images/notifications/info.png", + "name": "common.notification.types.info", + }, + "warning": { + "iconPath": "images/notifications/warning.png", + "name": "common.notification.types.warning", + }, + }, + "passwordReset": true, + "passwordResetLink": "", + "platformSettings": { + "adminOauthClient": "idmAdminClient", + "adminOauthClientScopes": "fr:idm:*", + "amUrl": "/am", + "loginUrl": "", + }, + "roles": { + "internal/role/openidm-admin": "ui-admin", + "internal/role/openidm-authorized": "ui-user", + }, + "selfRegistration": true, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/dashboard.idm.json 1`] = ` +{ + "idm": { + "ui/dashboard": { + "_id": "ui/dashboard", + "adminDashboards": [ + { + "isDefault": true, + "name": "Quick Start", + "widgets": [ + { + "cards": [ + { + "href": "#resource/managed/alpha_user/list/", + "icon": "fa-user", + "name": "Manage Users", + }, + { + "href": "#resource/managed/alpha_role/list/", + "icon": "fa-check-square-o", + "name": "Manage Roles", + }, + { + "href": "#connectors/add/", + "icon": "fa-database", + "name": "Add Connector", + }, + { + "href": "#mapping/add/", + "icon": "fa-map-marker", + "name": "Create Mapping", + }, + { + "href": "#managed/add/", + "icon": "fa-tablet", + "name": "Add Device", + }, + { + "href": "#settings/", + "icon": "fa-user", + "name": "Configure System Preferences", + }, + ], + "size": "large", + "type": "quickStart", + }, + ], + }, + { + "isDefault": false, + "name": "System Monitoring", + "widgets": [ + { + "legendRange": { + "month": [ + 500, + 2500, + 5000, + ], + "week": [ + 10, + 30, + 90, + 270, + 810, + ], + "year": [ + 10000, + 40000, + 100000, + 250000, + ], + }, + "maxRange": "#24423c", + "minRange": "#b0d4cd", + "size": "large", + "type": "audit", + }, + { + "size": "large", + "type": "clusterStatus", + }, + { + "size": "large", + "type": "systemHealthFull", + }, + { + "barchart": "false", + "size": "large", + "type": "lastRecon", + }, + ], + }, + { + "isDefault": false, + "name": "Resource Report", + "widgets": [ + { + "selected": "activeUsers", + "size": "x-small", + "type": "counter", + }, + { + "selected": "rolesEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "activeConnectors", + "size": "x-small", + "type": "counter", + }, + { + "size": "large", + "type": "resourceList", + }, + ], + }, + { + "isDefault": false, + "name": "Business Report", + "widgets": [ + { + "graphType": "fa-pie-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "signIns", + "widgetTitle": "Sign-Ins", + }, + { + "graphType": "fa-bar-chart", + "size": "x-small", + "type": "passwordResets", + "widgetTitle": "Password Resets", + }, + { + "graphType": "fa-line-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "newRegistrations", + "widgetTitle": "New Registrations", + }, + { + "size": "x-small", + "timezone": { + "hours": "07", + "minutes": "00", + "negative": true, + }, + "type": "socialLogin", + }, + { + "selected": "socialEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "manualRegistrations", + "size": "x-small", + "type": "counter", + }, + ], + }, + ], + "dashboard": { + "widgets": [ + { + "size": "large", + "type": "Welcome", + }, + ], + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/profile.idm.json 1`] = ` +{ + "idm": { + "ui/profile": { + "_id": "ui/profile", + "tabs": [ + { + "name": "personalInfoTab", + "view": "org/forgerock/openidm/ui/user/profile/personalInfo/PersonalInfoTab", + }, + { + "name": "signInAndSecurity", + "view": "org/forgerock/openidm/ui/user/profile/signInAndSecurity/SignInAndSecurityTab", + }, + { + "name": "preference", + "view": "org/forgerock/openidm/ui/user/profile/PreferencesTab", + }, + { + "name": "trustedDevice", + "view": "org/forgerock/openidm/ui/user/profile/TrustedDevicesTab", + }, + { + "name": "oauthApplication", + "view": "org/forgerock/openidm/ui/user/profile/OauthApplicationsTab", + }, + { + "name": "privacyAndConsent", + "view": "org/forgerock/openidm/ui/user/profile/PrivacyAndConsentTab", + }, + { + "name": "sharing", + "view": "org/forgerock/openidm/ui/user/profile/uma/SharingTab", + }, + { + "name": "auditHistory", + "view": "org/forgerock/openidm/ui/user/profile/uma/ActivityTab", + }, + { + "name": "accountControls", + "view": "org/forgerock/openidm/ui/user/profile/accountControls/AccountControlsTab", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/ui/themeconfig.idm.json 1`] = ` +{ + "idm": { + "ui/themeconfig": { + "_id": "ui/themeconfig", + "icon": "favicon.ico", + "path": "", + "settings": { + "footer": { + "mailto": "info@forgerock.com", + }, + "loginLogo": { + "alt": "ForgeRock", + "height": "104px", + "src": "images/login-logo-dark.png", + "title": "ForgeRock", + "width": "210px", + }, + "logo": { + "alt": "ForgeRock", + "src": "images/logo-horizontal-white.png", + "title": "ForgeRock", + }, + }, + "stylesheets": [ + "css/bootstrap-3.4.1-custom.css", + "css/structure.css", + "css/theme.css", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/uilocale/fr.idm.json 1`] = ` +{ + "idm": { + "uilocale/fr": { + "_id": "uilocale/fr", + "admin": { + "overrides": { + "AppLogoURI": "URI du logo de l’application", + "EmailAddress": "Adresse e-mail", + "Name": "Nom", + "Owners": "Les propriétaires", + }, + "sideMenu": { + "securityQuestions": "Questions de sécurité", + }, + }, + "enduser": { + "overrides": { + "FirstName": "Prénom", + "LastName": "Nom de famille", + }, + "pages": { + "dashboard": { + "widgets": { + "welcome": { + "greeting": "Bonjour", + }, + }, + }, + }, + }, + "login": { + "login": { + "next": "Suivant", + }, + "overrides": { + "Password": "Mot de passe", + "UserName": "Nom d'utilisateur", + }, + }, + "shared": { + "sideMenu": { + "dashboard": "Tableau de bord", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/idm/undefined.idm.json 1`] = ` +{ + "idm": { + "undefined": { + "_id": "undefined", + "mapping": { + "mapping/managedBravo_user_managedBravo_user0": { + "_id": "mapping/managedBravo_user_managedBravo_user0", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user0", + "icon": null, + "name": "managedBravo_user_managedBravo_user0", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_user", + "target": "managed/bravo_user", + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-admin.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-admin": { + "_id": "openidm-admin", + "condition": null, + "description": "Administrative access", + "name": "openidm-admin", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-authorized.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-authorized": { + "_id": "openidm-authorized", + "condition": null, + "description": "Basic minimum user", + "name": "openidm-authorized", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-cert.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-cert": { + "_id": "openidm-cert", + "condition": null, + "description": "Authenticated via certificate", + "name": "openidm-cert", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-reg.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-reg": { + "_id": "openidm-reg", + "condition": null, + "description": "Anonymous access", + "name": "openidm-reg", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/openidm-tasks-manager.internalRole.json 1`] = ` +{ + "internalRole": { + "openidm-tasks-manager": { + "_id": "openidm-tasks-manager", + "condition": null, + "description": "Allowed to reassign workflow tasks", + "name": "openidm-tasks-manager", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/platform-provisioning.internalRole.json 1`] = ` +{ + "internalRole": { + "platform-provisioning": { + "_id": "platform-provisioning", + "condition": null, + "description": "Platform provisioning access", + "name": "platform-provisioning", + "privileges": [], + "temporalConstraints": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/internalRole/test-internal-role.internalRole.json 1`] = ` +{ + "internalRole": { + "ccb11ba1-333b-4197-95db-89bb08a2ab56": { + "_id": "ccb11ba1-333b-4197-95db-89bb08a2ab56", + "condition": "/description co "somerandomstring"", + "description": "A test internal role", + "name": "test-internal-role", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "cn", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "profileImage", + "readOnly": true, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": true, + }, + { + "attribute": "telephoneNumber", + "readOnly": true, + }, + { + "attribute": "postalAddress", + "readOnly": true, + }, + { + "attribute": "city", + "readOnly": true, + }, + { + "attribute": "postalCode", + "readOnly": true, + }, + { + "attribute": "country", + "readOnly": true, + }, + { + "attribute": "stateProvince", + "readOnly": true, + }, + { + "attribute": "roles", + "readOnly": true, + }, + { + "attribute": "assignments", + "readOnly": true, + }, + { + "attribute": "groups", + "readOnly": true, + }, + { + "attribute": "applications", + "readOnly": true, + }, + { + "attribute": "manager", + "readOnly": true, + }, + { + "attribute": "authzRoles", + "readOnly": true, + }, + { + "attribute": "reports", + "readOnly": true, + }, + { + "attribute": "effectiveRoles", + "readOnly": true, + }, + { + "attribute": "effectiveAssignments", + "readOnly": true, + }, + { + "attribute": "effectiveGroups", + "readOnly": true, + }, + { + "attribute": "effectiveApplications", + "readOnly": true, + }, + { + "attribute": "lastSync", + "readOnly": true, + }, + { + "attribute": "kbaInfo", + "readOnly": true, + }, + { + "attribute": "preferences", + "readOnly": true, + }, + { + "attribute": "consentedMappings", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + { + "attribute": "ownerOfApp", + "readOnly": true, + }, + { + "attribute": "frIndexedString1", + "readOnly": true, + }, + { + "attribute": "frIndexedString2", + "readOnly": true, + }, + { + "attribute": "frIndexedString3", + "readOnly": true, + }, + { + "attribute": "frIndexedString4", + "readOnly": true, + }, + { + "attribute": "frIndexedString5", + "readOnly": true, + }, + { + "attribute": "frUnindexedString1", + "readOnly": true, + }, + { + "attribute": "frUnindexedString2", + "readOnly": true, + }, + { + "attribute": "frUnindexedString3", + "readOnly": true, + }, + { + "attribute": "frUnindexedString4", + "readOnly": true, + }, + { + "attribute": "frUnindexedString5", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued1", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued2", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued3", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued4", + "readOnly": true, + }, + { + "attribute": "frIndexedMultivalued5", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued1", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued2", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued3", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued4", + "readOnly": true, + }, + { + "attribute": "frUnindexedMultivalued5", + "readOnly": true, + }, + { + "attribute": "frIndexedDate1", + "readOnly": true, + }, + { + "attribute": "frIndexedDate2", + "readOnly": true, + }, + { + "attribute": "frIndexedDate3", + "readOnly": true, + }, + { + "attribute": "frIndexedDate4", + "readOnly": true, + }, + { + "attribute": "frIndexedDate5", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate1", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate2", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate3", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate4", + "readOnly": true, + }, + { + "attribute": "frUnindexedDate5", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger1", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger2", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger3", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger4", + "readOnly": true, + }, + { + "attribute": "frIndexedInteger5", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger1", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger2", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger3", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger4", + "readOnly": true, + }, + { + "attribute": "frUnindexedInteger5", + "readOnly": true, + }, + { + "attribute": "assignedDashboard", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/userName co "test"", + "name": "Alpha realm - Users", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "UPDATE", + "CREATE", + ], + }, + ], + "temporalConstraints": [ + { + "duration": "2024-11-04T12:45:00.000Z/2100-12-01T12:45:00.000Z", + }, + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_assignment_managedBravo_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedAlpha_assignment_managedBravo_assignment": { + "_id": "mapping/managedAlpha_assignment_managedBravo_assignment", + "consentRequired": false, + "displayName": "managedAlpha_assignment_managedBravo_assignment", + "icon": null, + "name": "managedAlpha_assignment_managedBravo_assignment", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/alpha_assignment", + "target": "managed/bravo_assignment", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedAlpha_user_systemAzureUser.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedAlpha_user_systemAzureUser": { + "_id": "mapping/managedAlpha_user_systemAzureUser", + "consentRequired": false, + "defaultSourceFields": [ + "*", + "assignments", + ], + "defaultTargetFields": [ + "*", + "memberOf", + "__roles__", + "__servicePlanIds__", + ], + "displayName": "managedAlpha_user_systemAzureUser", + "icon": null, + "name": "managedAlpha_user_systemAzureUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "SOURCE_TARGET_CONFLICT", + }, + { + "action": "INCORPORATE_CHANGES", + "situation": "TARGET_CHANGED", + }, + ], + "properties": [ + { + "source": "mail", + "target": "mail", + }, + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "sn", + "target": "surname", + }, + { + "source": "", + "target": "displayName", + "transform": { + "source": "source.givenName+" "+source.sn", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "mailNickname", + "transform": { + "source": "source.givenName[0].toLowerCase()+source.sn.toLowerCase()", + "type": "text/javascript", + }, + }, + { + "source": "", + "target": "accountEnabled", + "transform": { + "source": "true", + "type": "text/javascript", + }, + }, + { + "condition": { + "globals": {}, + "source": "(typeof oldTarget === 'undefined' || oldTarget === null)", + "type": "text/javascript", + }, + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": ""!@#$%"[Math.floor(Math.random()*5)] + Math.random().toString(36).slice(2, 13).toUpperCase()+Math.random().toString(36).slice(2,13)", + "type": "text/javascript", + }, + }, + ], + "queuedSync": { + "enabled": true, + "maxRetries": 0, + "pollingInterval": 10000, + }, + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq "0f357b7e-6c54-4351-a094-43916877d7e5"] or lastSync/managedAlpha_user_systemAzureUser pr or /source/effectiveAssignments[(mapping eq "managedAlpha_user_systemAzureUser" and type eq "__ENTITLEMENT__")]", + }, + "target": "system/Azure/User", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_group_managedBravo_group.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedBravo_group_managedBravo_group": { + "_id": "mapping/managedBravo_group_managedBravo_group", + "consentRequired": false, + "displayName": "managedBravo_group_managedBravo_group", + "icon": null, + "name": "managedBravo_group_managedBravo_group", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_group", + "target": "managed/bravo_group", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/managedBravo_user_managedBravo_user0.mapping.json 1`] = ` +{ + "mapping": { + "mapping/managedBravo_user_managedBravo_user0": { + "_id": "mapping/managedBravo_user_managedBravo_user0", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user0", + "icon": null, + "name": "managedBravo_user_managedBravo_user0", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_user", + "target": "managed/bravo_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/mapping12.mapping.json 1`] = ` +{ + "mapping": { + "mapping/mapping12": { + "_id": "mapping/mapping12", + "consentRequired": false, + "displayName": "mapping12", + "linkQualifiers": [], + "name": "mapping12", + "policies": [], + "properties": [], + "source": "managed/bravo_user", + "syncAfter": [], + "target": "managed/bravo_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzure__group___managedAlpha_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzure__group___managedAlpha_assignment": { + "_id": "mapping/systemAzure__group___managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzure__group___managedAlpha_assignment", + "icon": null, + "name": "systemAzure__group___managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type", + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", + "type": "text/javascript", + }, + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping", + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[ + { + 'name': 'memberOf', + 'value': [source] + } +]", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure___GROUP___", + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript", + }, + }, + ], + "source": "system/Azure/__GROUP__", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "memberOf"]", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureDirectoryrole_managedAlpha_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzureDirectoryrole_managedAlpha_assignment": { + "_id": "mapping/systemAzureDirectoryrole_managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzureDirectoryrole_managedAlpha_assignment", + "icon": null, + "name": "systemAzureDirectoryrole_managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type", + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.description !== "undefined" && source.description !== null) ? source.description : source._id", + "type": "text/javascript", + }, + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping", + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.displayName !== "undefined" && source.displayName !== null) ? source.displayName : source._id", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[ + { + 'name': '__roles__', + 'value': [source] + } +]", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure_directoryRole_", + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript", + }, + }, + ], + "source": "system/Azure/directoryRole", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__roles__"]", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureServiceplan_managedAlpha_assignment.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzureServiceplan_managedAlpha_assignment": { + "_id": "mapping/systemAzureServiceplan_managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzureServiceplan_managedAlpha_assignment", + "icon": null, + "name": "systemAzureServiceplan_managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING", + }, + { + "action": "CREATE", + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED", + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED", + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type", + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", + "type": "text/javascript", + }, + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping", + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.servicePlanName !== "undefined" && source.servicePlanName !== null) ? source.servicePlanName : source._id", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[ + { + 'name': '__servicePlanIds__', + 'value': [source] + } +]", + "type": "text/javascript", + }, + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure_servicePlan_", + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript", + }, + }, + ], + "source": "system/Azure/servicePlan", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq "managedAlpha_user_systemAzureUser" and attributes[name eq "__servicePlanIds__"]", + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/mapping/systemAzureUser_managedAlpha_user.mapping.json 1`] = ` +{ + "mapping": { + "mapping/systemAzureUser_managedAlpha_user": { + "_id": "mapping/systemAzureUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq "' + source.mail + '"'}; qry", + "type": "text/javascript", + }, + ], + "defaultSourceFields": [ + "*", + "memberOf", + "__roles__", + "__servicePlanIds__", + ], + "defaultTargetFields": [ + "*", + "assignments", + ], + "displayName": "systemAzureUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemAzureUser", + "name": "systemAzureUser_managedAlpha_user", + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "ONBOARD", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "SOURCE_TARGET_CONFLICT", + }, + ], + "properties": [ + { + "referencedObjectType": "__GROUP__", + "source": "memberOf", + "target": "assignments", + }, + { + "referencedObjectType": "directoryRole", + "source": "__roles__", + "target": "assignments", + }, + { + "referencedObjectType": "servicePlan", + "source": "__servicePlanIds__", + "target": "assignments", + }, + ], + "reconSourceQueryPageSize": 999, + "reconSourceQueryPaging": true, + "runTargetPhase": false, + "source": "system/Azure/User", + "sourceQueryFullEntry": true, + "target": "managed/alpha_user", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-admin-token.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-admin-token": { + "_id": "esv-admin-token", + "activeVersion": "1", + "description": "Long-lived admin token", + "encoding": "generic", + "lastChangeDate": "2024-03-20T14:46:13.461793Z", + "lastChangedBy": "ba58ff99-76d3-4c69-9c4a-7f150ac70e2c", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-brando-pingone.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-brando-pingone": { + "_id": "esv-brando-pingone", + "activeVersion": "4", + "description": "This is to show the connection between PingOne and AIC. ", + "encoding": "generic", + "lastChangeDate": "2024-06-24T00:44:06.154598Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "4", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test1.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-secret-import-test1": { + "_id": "esv-secret-import-test1", + "activeVersion": "1", + "description": "Secret Import Test 1", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:13.904591Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-secret-import-test2.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-secret-import-test2": { + "_id": "esv-secret-import-test2", + "activeVersion": "1", + "description": "Secret Import Test 2", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:41.914076Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret": { + "_id": "esv-test-secret", + "activeVersion": "1", + "description": "This is a test secret containing a simple string value.", + "encoding": "generic", + "lastChangeDate": "2024-07-05T17:53:53.682578Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-cert-pem": { + "_id": "esv-test-secret-cert-pem", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file.", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:48:49.005574Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-cert-pem-raw.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-cert-pem-raw": { + "_id": "esv-test-secret-cert-pem-raw", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file (raw).", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:49:20.270526Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-euler.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-euler": { + "_id": "esv-test-secret-euler", + "activeVersion": "1", + "description": "A test secret containing the value of Euler's number", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:27:34.607038Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-file-base64hmac": { + "_id": "esv-test-secret-file-base64hmac", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file.", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:46:37.42544Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-file-base64hmac-raw.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-file-base64hmac-raw": { + "_id": "esv-test-secret-file-base64hmac-raw", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file (raw).", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:47:03.695151Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-pi": { + "_id": "esv-test-secret-pi", + "activeVersion": "1", + "description": "Secret that contains the value of pi", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:22:28.519043Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-test-secret-pi-generic.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-test-secret-pi-generic": { + "_id": "esv-test-secret-pi-generic", + "activeVersion": "3", + "description": "", + "encoding": "generic", + "lastChangeDate": "2024-07-15T03:20:09.136266Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "3", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/secret/esv-volkers-test-secret.secret.json 1`] = ` +{ + "meta": Any, + "secret": { + "esv-volkers-test-secret": { + "_id": "esv-volkers-test-secret", + "activeVersion": "10", + "description": "Volker's test secret", + "encoding": "generic", + "lastChangeDate": "2024-06-26T01:37:06.116117Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "10", + "useInPlaceholders": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/CorsService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "CorsService": { + "_id": "", + "_type": { + "_id": "CorsService", + "collection": false, + "name": "CORS Service", + }, + "enabled": true, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/service/dashboard.service.json 1`] = ` +{ + "meta": Any, + "service": { + "dashboard": { + "_id": "", + "_type": { + "_id": "dashboard", + "collection": false, + "name": "Dashboard", + }, + "defaults": { + "assignedDashboard": [], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Google", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "Google", + "icfIdentifier": "idm magic 34", + "icon": "images/logos/googleplus.png", + "login": "http://www.google.com", + "name": "Google", + }, + { + "_id": "SalesForce", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "SalesForce", + "icfIdentifier": "idm magic 12", + "icon": "images/logos/salesforce.png", + "login": "http://www.salesforce.com", + "name": "SalesForce", + }, + { + "_id": "ZenDesk", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "ZenDesk", + "icfIdentifier": "idm magic 56", + "icon": "images/logos/zendesk.png", + "login": "http://www.ZenDesk.com", + "name": "ZenDesk", + }, + { + "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "BookmarkApplicationClass", + "displayName": "Google", + "icon": "app-bookmark.svg", + "login": "https://www.google.com/", + "name": "Google", + }, + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/AlphaUser2GoogleApps.sync.json 1`] = ` +{ + "_id": "sync/AlphaUser2GoogleApps", + "consentRequired": false, + "correlationQuery": [ + { + "expressionTree": { + "all": [ + "__NAME__", + ], + }, + "file": "ui/correlateTreeToQueryFilter.js", + "linkQualifier": "default", + "mapping": "AlphaUser2GoogleApps", + "type": "text/javascript", + }, + ], + "displayName": "AlphaUser2GoogleApps", + "enableSync": { + "$bool": "&{esv.gac.enable.mapping}", + }, + "icon": null, + "name": "AlphaUser2GoogleApps", + "onCreate": { + "globals": {}, + "source": "target.orgUnitPath = "/NewAccounts";", + "type": "text/javascript", + }, + "onUpdate": { + "globals": {}, + "source": "//testing1234 +target.givenName = oldTarget.givenName; +target.familyName = oldTarget.familyName; +target.__NAME__ = oldTarget.__NAME__;", + "type": "text/javascript", + }, + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS", + }, + { + "action": "UNLINK", + "situation": "SOURCE_MISSING", + }, + { + "action": { + "globals": {}, + "source": "// Timing Constants +var ATTEMPT = 6; // Number of attempts to find the Google user. +var SLEEP_TIME = 500; // Milliseconds between retries. +var SYSTEM_ENDPOINT = "system/GoogleApps/__ACCOUNT__"; +var MAPPING_NAME = "AlphaUser2GoogleApps"; +var GOOGLE_DOMAIN = identityServer.getProperty("esv.gac.domain"); +var googleEmail = source.userName + "@" + GOOGLE_DOMAIN; +var frUserGUID = source._id; +var resultingAction = "ASYNC"; + +// Get the Google GUID +var linkQueryParams = {'_queryFilter': 'firstId eq "' + frUserGUID + '" and linkType eq "' + MAPPING_NAME + '"'}; +var linkResults = openidm.query("repo/link/", linkQueryParams, null); +var googleGUID; + +if (linkResults.resultCount === 1) { + googleGUID = linkResults.result[0].secondId; +} + +var queryResults; // Resulting query from looking for the Google user. +var params = {'_queryFilter': '__UID__ eq "' + googleGUID + '"'}; + +for (var i = 1; i <= ATTEMPT; i++) { + queryResults = openidm.query(SYSTEM_ENDPOINT, params); + if (queryResults.result && queryResults.result.length > 0) { + logger.info("idmlog: ---AlphaUser2GoogleApps - Missing->UPDATE - Result found in " + i + " attempts. Query result: " + JSON.stringify(queryResults)); + resultingAction = "UPDATE"; + break; + } + java.lang.Thread.sleep(SLEEP_TIME); // Wait before trying again. +} + +if (!queryResults.result || queryResults.resultCount === 0) { + logger.warn("idmlog: ---AlphaUser2GoogleApps - Missing->UNLINK - " + googleEmail + " not found after " + ATTEMPT + " attempts."); + resultingAction = "UNLINK"; +} +resultingAction; +", + "type": "text/javascript", + }, + "situation": "MISSING", + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "IGNORE", + "situation": "UNQUALIFIED", + }, + { + "action": "IGNORE", + "situation": "UNASSIGNED", + }, + { + "action": "UNLINK", + "situation": "LINK_ONLY", + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED", + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED", + }, + { + "action": "IGNORE", + "situation": "ALL_GONE", + }, + { + "action": "UPDATE", + "situation": "CONFIRMED", + }, + { + "action": "LINK", + "situation": "FOUND", + }, + { + "action": "CREATE", + "situation": "ABSENT", + }, + ], + "properties": [ + { + "condition": { + "globals": {}, + "source": "object.custom_password_encrypted != null", + "type": "text/javascript", + }, + "source": "custom_password_encrypted", + "target": "__PASSWORD__", + "transform": { + "globals": {}, + "source": "openidm.decrypt(source);", + "type": "text/javascript", + }, + }, + { + "source": "cn", + "target": "__NAME__", + "transform": { + "globals": {}, + "source": "source + "@" + identityServer.getProperty("esv.gac.domain");", + "type": "text/javascript", + }, + }, + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "", + "target": "familyName", + "transform": { + "globals": {}, + "source": "if (source.frIndexedInteger1 > 2 && source.frIndexedInteger1 < 6) { + source.sn + " (Student)" +} else { + source.sn +}", + "type": "text/javascript", + }, + }, + ], + "queuedSync": { + "enabled": true, + "maxQueueSize": 20000, + "maxRetries": 5, + "pageSize": 100, + "pollingInterval": 1000, + "postRetryAction": "logged-ignore", + "retryDelay": 1000, + }, + "source": "managed/alpha_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + "managedAlpha_user_managedBravo_user", + "managedBravo_user_managedAlpha_user", + ], + "target": "system/GoogleApps/__ACCOUNT__", + "validSource": { + "globals": {}, + "source": "var isGoogleEligible = true; +//var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + " cn: " + source.cn + ") -"; +var logMsg = "idmlog: ---AplhaUser2GAC (username: " + source.userName + " - userType: " + source.frIndexedInteger1 + ") -"; + +//Get Applicable userTypes (no Parent accounts) +if (source.frIndexedInteger1 !== 0 && source.frIndexedInteger1 !== 1 && source.frIndexedInteger1 !== 3 && source.frIndexedInteger1 !== 4 && source.frIndexedInteger1 !== 5) { + isGoogleEligible = false; + logMsg = logMsg + " Account type not eligible."; +} + +//Make sure the account has a valid encrypted password. +if (source.custom_password_encrypted == undefined || source.custom_password_encrypted == null) { + isGoogleEligible = false; + logMsg = logMsg + " No encrypted password yet."; +} + +//Check that CN exists and has no space. +if (source.cn && source.cn.includes(' ')) { + isGoogleEligible = false; + logMsg = logMsg + " CN with a space is not allowed."; +} + +if (!isGoogleEligible) { + logMsg = logMsg + " Not sent to Google." + logger.info(logMsg); +} + +if (isGoogleEligible) { + logMsg = logMsg + " Sent to Google." + logger.info(logMsg); +} + +isGoogleEligible; +", + "type": "text/javascript", + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedAlpha_user_managedBravo_user.sync.json 1`] = ` +{ + "_id": "sync/managedAlpha_user_managedBravo_user", + "consentRequired": true, + "displayName": "Test Mapping for Frodo", + "icon": null, + "name": "managedAlpha_user_managedBravo_user", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [ + { + "condition": { + "globals": {}, + "source": "console.log("Hello World!");", + "type": "text/javascript", + }, + "default": [ + "Default value string", + ], + "source": "accountStatus", + "target": "applications", + "transform": { + "globals": {}, + "source": "console.log("hello");", + "type": "text/javascript", + }, + }, + ], + "source": "managed/alpha_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + ], + "target": "managed/bravo_user", +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedBravo_user_managedAlpha_user.sync.json 1`] = ` +{ + "_id": "sync/managedBravo_user_managedAlpha_user", + "consentRequired": false, + "displayName": "Frodo test mapping", + "icon": null, + "name": "managedBravo_user_managedAlpha_user", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_user", + "syncAfter": [ + "managedBravo_user_managedBravo_user", + "managedAlpha_user_managedBravo_user", + ], + "target": "managed/alpha_user", +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/managedBravo_user_managedBravo_user.sync.json 1`] = ` +{ + "_id": "sync/managedBravo_user_managedBravo_user", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user", + "icon": null, + "name": "managedBravo_user_managedBravo_user", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/bravo_user", + "syncAfter": [], + "target": "managed/bravo_user", +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/sync/sync.idm.json 1`] = ` +{ + "idm": { + "sync": { + "_id": "sync", + "mappings": [ + "file://managedBravo_user_managedBravo_user.sync.json", + "file://managedAlpha_user_managedBravo_user.sync.json", + "file://managedBravo_user_managedAlpha_user.sync.json", + "file://AlphaUser2GoogleApps.sync.json", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-blue-piller.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-blue-piller": { + "_id": "esv-blue-piller", + "description": "Zion membership criteria.", + "expressionType": "bool", + "lastChangeDate": "2024-07-05T20:01:11.78347Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "false", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-ipv4-cidr-access-rules.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-ipv4-cidr-access-rules": { + "_id": "esv-ipv4-cidr-access-rules", + "description": "IPv4 CIDR access rules: { "allow": [ "address/mask" ] }", + "expressionType": "object", + "lastChangeDate": "2024-07-05T20:01:13.987057Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "{ "allow": [ "145.118.0.0/16", "132.35.0.0/16", "101.226.0.0/16", "99.72.28.182/32" ] }", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-nebuchadnezzar-crew.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-nebuchadnezzar-crew": { + "_id": "esv-nebuchadnezzar-crew", + "description": "The crew of the Nebuchadnezzar hovercraft.", + "expressionType": "array", + "lastChangeDate": "2024-07-05T20:01:05.216699Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "["Morpheus","Trinity","Link","Tank","Dozer","Apoc","Cypher","Mouse","Neo","Switch"]", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-nebuchadnezzar-crew-structure.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-nebuchadnezzar-crew-structure": { + "_id": "esv-nebuchadnezzar-crew-structure", + "description": "The structure of the crew of the Nebuchadnezzar hovercraft.", + "expressionType": "object", + "lastChangeDate": "2024-07-05T20:01:07.343325Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "{"Captain":"Morpheus","FirstMate":"Trinity","Operator":["Link","Tank"],"Medic":"Dozer","Crewmen":["Apoc","Cypher","Mouse","Neo","Switch"]}", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-neo-age.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-neo-age": { + "_id": "esv-neo-age", + "description": "Neo's age in the matrix.", + "expressionType": "int", + "lastChangeDate": "2024-11-01T16:21:14.46187Z", + "lastChangedBy": "Frodo-SA-1730238488278", + "loaded": true, + "value": "28", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-number.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-number": { + "_id": "esv-number", + "description": "test number", + "expressionType": "number", + "lastChangeDate": "2024-07-05T19:42:20.943131Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "value": "1.134", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-test": { + "_id": "esv-test", + "description": "list", + "expressionType": "list", + "lastChangeDate": "2024-11-01T21:00:21.315828Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "value": "a,b,c,d", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-var.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-test-var": { + "_id": "esv-test-var", + "description": "this is a test description", + "expressionType": "string", + "lastChangeDate": "2024-11-01T16:21:15.469328Z", + "lastChangedBy": "Frodo-SA-1730238488278", + "loaded": true, + "value": "this is a test variable", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-var-pi.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-test-var-pi": { + "_id": "esv-test-var-pi", + "description": "This is another test variable.", + "expressionType": "number", + "lastChangeDate": "2024-07-12T17:40:41.283412Z", + "lastChangedBy": "Frodo-SA-1720799681233", + "loaded": true, + "value": "3.1415926", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-var-pi-string.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-test-var-pi-string": { + "_id": "esv-test-var-pi-string", + "description": "This is another test variable.", + "expressionType": "string", + "lastChangeDate": "2024-07-05T20:01:16.11117Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "3.1415926", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-test-variable-light.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-test-variable-light": { + "_id": "esv-test-variable-light", + "description": "Test variable containing the speed of light in meters per second (as an int).", + "expressionType": "int", + "lastChangeDate": "2023-12-14T15:34:13.446903Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "value": "299792458", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/global/variable/esv-trinity-phone.variable.json 1`] = ` +{ + "meta": Any, + "variable": { + "esv-trinity-phone": { + "_id": "esv-trinity-phone", + "description": "In the opening of The Matrix (1999), the phone number Trinity is calling from is traced to (312)-555-0690", + "expressionType": "string", + "lastChangeDate": "2024-07-05T20:01:03.141204Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "(312)-555-0690", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/cdsso-ig-agent.agent.json 1`] = ` +{ + "agent": { + "cdsso-ig-agent": { + "_id": "cdsso-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [ + "https://volker-demo.encore.forgerock.com:443/apps/hrlite/redirect", + "https://volker-demo.encore.forgerock.com/apps/hrlite/redirect", + "https://volker-demo.encore.forgerock.com:443/apps/hrlite-rest/redirect", + "https://volker-demo.encore.forgerock.com:443/apps/contractor/redirect", + "https://volker-demo.encore.forgerock.com/apps/hrlite-rest/redirect", + "https://volker-demo.encore.forgerock.com/apps/contractor/redirect", + ], + "igTokenIntrospection": "Realm_Subs", + "secretLabelIdentifier": null, + "status": "Active", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-ig-agent.agent.json 1`] = ` +{ + "agent": { + "frodo-test-ig-agent": { + "_id": "frodo-test-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": "test_ig_group", + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "secretLabelIdentifier": null, + "status": "Inactive", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-ig-agent2.agent.json 1`] = ` +{ + "agent": { + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo", + ], + "igTokenIntrospection": "Realm", + "secretLabelIdentifier": null, + "status": "Inactive", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-java-agent.agent.json 1`] = ` +{ + "agent": { + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-java-agent2.agent.json 1`] = ` +{ + "agent": { + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-web-agent.agent.json 1`] = ` +{ + "agent": { + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/frodo-test-web-agent2.agent.json 1`] = ` +{ + "agent": { + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/ig-agent.agent.json 1`] = ` +{ + "agent": { + "ig-agent": { + "_id": "ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "Realm_Subs", + "secretLabelIdentifier": null, + "status": "Active", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/my-policy-agent.agent.json 1`] = ` +{ + "agent": { + "my-policy-agent": { + "_id": "my-policy-agent", + "_type": { + "_id": "2.2_Agent", + "collection": true, + "name": "Policy Agents", + }, + "cdssoRootUrl": [], + "description": null, + "status": "Active", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/test.agent.json 1`] = ` +{ + "agent": { + "test": { + "_id": "test", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service", + }, + "agentgroup": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agent/test-software-publisher.agent.json 1`] = ` +{ + "agent": { + "test software publisher": { + "_id": "test software publisher", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "agentgroup": null, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agentGroup/test_ig_group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "test_ig_group": { + "_id": "test_ig_group", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "status": "Active", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agentGroup/test_java_group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "test_java_group": { + "_id": "test_java_group", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": null, + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": {}, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": null, + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/agentGroup/test_web_agent_group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "test_web_agent_group": { + "_id": "test_web_agent_group", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/application/Azure.application.json 1`] = ` +{ + "managedApplication": { + "0f357b7e-6c54-4351-a094-43916877d7e5": { + "_id": "0f357b7e-6c54-4351-a094-43916877d7e5", + "authoritative": false, + "connectorId": "Azure", + "description": "Azure", + "icon": "", + "mappingNames": [ + "systemAzureUser_managedAlpha_user", + "managedAlpha_user_systemAzureUser", + "systemAzure__group___managedAlpha_assignment", + "systemAzureDirectoryrole_managedAlpha_assignment", + "systemAzureServiceplan_managedAlpha_assignment", + ], + "name": "Azure", + "templateName": "azure.ad", + "templateVersion": "3.3", + "uiConfig": { + "objectTypes": { + "User": { + "properties": { + "__PASSWORD__": { + "displayName": "Password", + "order": 17, + "userSpecific": true, + }, + "__roles__": { + "displayName": "Roles", + "nonAccountObject": "directoryRole", + "order": 3, + "userSpecific": true, + }, + "__servicePlanIds__": { + "displayName": "Service Plan Ids", + "nonAccountObject": "servicePlan", + "order": 27, + "userSpecific": true, + }, + "accountEnabled": { + "displayName": "Account Enabled", + "order": 0, + "userSpecific": true, + }, + "city": { + "displayName": "City", + "order": 5, + "userSpecific": true, + }, + "companyName": { + "displayName": "Company Name", + "order": 4, + "userSpecific": true, + }, + "country": { + "displayName": "Country", + "order": 6, + "userSpecific": true, + }, + "department": { + "displayName": "Department", + "order": 7, + "userSpecific": true, + }, + "displayName": { + "displayName": "Display Name", + "order": 8, + "userSpecific": true, + }, + "givenName": { + "displayName": "Given Name", + "order": 9, + "userSpecific": true, + }, + "jobTitle": { + "displayName": "Job Title", + "order": 11, + "userSpecific": true, + }, + "mail": { + "displayName": "Mail", + "isDisplay": true, + "isMail": true, + "order": 1, + "userSpecific": true, + }, + "mailNickname": { + "displayName": "Mail Nickname", + "order": 12, + "userSpecific": true, + }, + "manager": { + "displayName": "Manager", + "order": 13, + "userSpecific": true, + }, + "memberOf": { + "displayName": "Member Of", + "nonAccountObject": "__GROUP__", + "order": 2, + "userSpecific": true, + }, + "mobilePhone": { + "displayName": "Mobile Phone", + "order": 14, + "userSpecific": true, + }, + "onPremisesImmutableId": { + "displayName": "On Premises Immutable Id", + "order": 10, + "userSpecific": true, + }, + "onPremisesSecurityIdentifier": { + "displayName": "On Premises Security Identifier", + "order": 15, + "userSpecific": true, + }, + "otherMails": { + "displayName": "Other Mails", + "order": 16, + "userSpecific": true, + }, + "postalCode": { + "displayName": "Postal Code", + "order": 18, + "userSpecific": true, + }, + "preferredLanguage": { + "displayName": "Preferred Language", + "order": 19, + "userSpecific": true, + }, + "proxyAddresses": { + "displayName": "Proxy Addresses", + "order": 20, + "userSpecific": true, + }, + "state": { + "displayName": "State", + "order": 21, + "userSpecific": true, + }, + "streetAddress": { + "displayName": "Street Address", + "order": 22, + "userSpecific": true, + }, + "surname": { + "displayName": "Surname", + "order": 23, + "userSpecific": true, + }, + "usageLocation": { + "displayName": "Usage Location", + "order": 24, + "userSpecific": true, + }, + "userPrincipalName": { + "displayName": "User Principal Name", + "isUsername": true, + "order": 25, + "userSpecific": true, + }, + "userType": { + "displayName": "User Type", + "order": 26, + "userSpecific": true, + }, + }, + }, + "__GROUP__": { + "properties": { + "__NAME__": { + "displayName": "Name", + "order": 2, + "userSpecific": true, + }, + "description": { + "displayName": "Description", + "order": 4, + "userSpecific": true, + }, + "displayName": { + "displayName": "Display Name", + "order": 3, + "userSpecific": true, + }, + "groupTypes": { + "displayName": "Group Types", + "order": 10, + "userSpecific": true, + }, + "id": { + "displayName": "Id", + "order": 0, + "userSpecific": true, + }, + "mail": { + "displayName": "Mail", + "order": 5, + "userSpecific": true, + }, + "mailEnabled": { + "displayName": "Mail Enabled", + "order": 6, + "userSpecific": true, + }, + "onPremisesSecurityIdentifier": { + "displayName": "On Premises Security Identifier", + "order": 7, + "userSpecific": true, + }, + "proxyAddresses": { + "displayName": "Proxy Addresses", + "order": 8, + "userSpecific": true, + }, + "securityEnabled": { + "displayName": "Security Enabled", + "order": 9, + "userSpecific": true, + }, + "type": { + "displayName": "Type", + "order": 1, + "userSpecific": true, + }, + }, + }, + "directoryRole": { + "properties": { + "description": { + "displayName": "description", + "order": 0, + "userSpecific": true, + }, + "displayName": { + "displayName": "displayName", + "order": 1, + "userSpecific": true, + }, + }, + }, + "servicePlan": { + "properties": { + "__NAME__": { + "displayName": "__NAME__", + "order": 5, + "userSpecific": true, + }, + "appliesTo": { + "displayName": "appliesTo", + "order": 0, + "userSpecific": true, + }, + "provisioningStatus": { + "displayName": "provisioningStatus", + "order": 2, + "userSpecific": true, + }, + "servicePlanId": { + "displayName": "servicePlanId", + "order": 1, + "userSpecific": true, + }, + "servicePlanName": { + "displayName": "servicePlanName", + "order": 4, + "userSpecific": true, + }, + "subscriberSkuId": { + "displayName": "subscriberSkuId", + "order": 3, + "userSpecific": true, + }, + }, + }, + }, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/application/Google.application.json 1`] = ` +{ + "managedApplication": { + "2e4663b7-aed2-4521-8819-d379449d91b0": { + "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "description": "Link to Google", + "name": "Google", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://www.google.com/", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/application/testLDAP.application.json 1`] = ` +{ + "managedApplication": { + "e124e6f6-e25a-4180-a6c3-ff8b782a422c": { + "_id": "e124e6f6-e25a-4180-a6c3-ff8b782a422c", + "authoritative": true, + "description": "desc", + "icon": "", + "name": "testLDAP", + "templateName": "ldap", + "templateVersion": "2.1", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/authentication/root-alpha.authentication.settings.json 1`] = ` +{ + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "Login", + "orgConfig": "Login", + }, + "general": { + "defaultAuthLevel": 0, + "externalLoginPageUrl": "https://volker-demo.encore.forgerock.com/demo/webapp/en/home/redirect", + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/enduser/?realm=/alpha", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "keyAlias": "test", + "moduleBasedAuthEnabled": false, + "sharedSecret": { + "$string": "&{am.authentication.shared.secret}", + }, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 1440, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/cot/2f04818d-561e-4f8a-82e8-af2426112138.cot.saml.json 1`] = ` +{ + "meta": Any, + "saml": { + "cot": { + "2f04818d-561e-4f8a-82e8-af2426112138": { + "_id": "2f04818d-561e-4f8a-82e8-af2426112138", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "benefits-IDP|saml2", + "iSPAzure|saml2", + ], + }, + }, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/cot/AzureCOT.cot.saml.json 1`] = ` +{ + "meta": Any, + "saml": { + "cot": { + "AzureCOT": { + "_id": "AzureCOT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [ + "iSPAzure|saml2", + "urn:federation:MicrosoftOnline|saml2", + "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/|saml2", + "SPAzure|saml2", + "https://idc.scheuber.io/am/saml2/IDPAzure|saml2", + ], + }, + }, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/cot/affiliation-test.cot.saml.json 1`] = ` +{ + "meta": Any, + "saml": { + "cot": { + "affiliation-test": { + "_id": "affiliation-test", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [], + }, + }, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export -AsxD exportAllTestDir2": should export everything into separate files in the directory exportAllTestDir2 with scripts extracted and mappings separate: exportAllTestDir2/realm/root-alpha/idp/adfs.idp.json 1`] = ` +{ + "idp": { + "adfs": { + "_id": "adfs", + "_type": { + "_id": "oidcConfig", + "collection": true, + "name": "Client configuration for providers that implement the OpenID Connect specification.", + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "aa9a179e-cdba-4db8-8477-3d1069d5ec04", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://adfs.mytestrun.com/adfs", + "issuerComparisonCheckType": "EXACT", + "jwksUriEndpoint": "https://adfs.mytestrun.com/adfs/discovery/keys", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "RS256", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/token", + "transform": "dbe0bf9a-72aa-49d5-8483-9db147985a47", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonCustomStyleHover": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonDisplayName": "Microsoft ADFS", + "buttonImage": "/login/images/microsoft-logo.png", + "iconBackground": "#0078d7", + "iconClass": "fa-windows", "iconFontColor": "white", }, "useCustomTrustStore": false, @@ -381568,588 +387897,1908 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "items": { "type": "string", }, - "type": "array", + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AND.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthLevel", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", + }, + "applicationName": { + "type": "string", + }, + "authScheme": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthScheme", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToRealm", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToService", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv4.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv4", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv6.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv6", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LDAPFilter", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LEAuthLevel", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/NOT.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "OAuth2Scope", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OR.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Policy.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "ResourceEnvIP", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Script.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Script", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Session.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer", + }, + "terminateSession": { + "required": true, + "type": "boolean", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Session", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SessionProperty", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", + }, + "endDay": { + "type": "string", + }, + "endTime": { + "type": "string", + }, + "enforcementTimeZone": { + "type": "string", + }, + "startDate": { + "type": "string", + }, + "startDay": { + "type": "string", + }, + "startTime": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SimpleTime", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Transaction.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", + }, + "strategySpecifier": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Transaction", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/cot/Test-COT.cot.saml.json 1`] = ` +{ + "meta": Any, + "saml": { + "cot": { + "Test COT": { + "_id": "Test COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [], + }, + }, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` +{ + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/idp/Google-Test.idp.json 1`] = ` +{ + "idp": { + "Google Test": { + "_id": "Google Test", + "_type": { + "_id": "googleConfig", + "collection": true, + "name": "Client configuration for Google.", + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "test", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://accounts.google.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://testurl.com", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "transform": "58d29080-4563-480b-89bb-1e7719776a21", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "Google", + "buttonImage": "images/g-logo.png", + "iconBackground": "#4184f3", + "iconClass": "fa-google", + "iconFontColor": "white", + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Agent.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Agent": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AgentDataStoreDecisionNode", + "collection": true, + "name": "Agent Data Store Decision", + }, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Agent", + "description": "null", + "enabled": true, + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Example.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Example": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Example", + "description": "null", + "enabled": true, + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "connections": { + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "connections": { + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "connections": { + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Facebook-ProvisionIDMAccount": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialFacebookNode", + "collection": true, + "name": "Social Facebook", + }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionIdmAccountNode", + "collection": true, + "name": "Provision IDM Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + }, + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + "x": 0, + "y": 0, + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-AnonymousUser.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetSuccessUrlNode", + "collection": true, + "name": "Success URL", + }, + "successUrl": "https://www.forgerock.com/", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AnonymousUserNode", + "collection": true, + "name": "Anonymous User Mapping", }, + "anonymousUserName": "anonymous", }, - "type": "object", }, - "logical": false, - "title": "AMIdentityMembership", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AND.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "conditions": { - "type": "array", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-AnonymousUser", + "description": "null", + "enabled": true, + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", + "x": 0, + "y": 0, + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + "x": 0, + "y": 0, + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "connections": { + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + }, + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", + "x": 0, + "y": 0, }, }, - "type": "object", + "uiConfig": {}, }, - "logical": true, - "title": "AND", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-DynamicAccountCreation.journey.json 1`] = ` { - "conditionTypes": { - "AuthLevel": { - "_id": "AuthLevel", - "config": { - "properties": { - "authLevel": { - "type": "integer", + "meta": Any, + "trees": { + "Google-DynamicAccountCreation": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionDynamicAccountNode", + "collection": true, + "name": "Provision Dynamic Account", }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", }, - "type": "object", - }, - "logical": false, - "title": "AuthLevel", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthScheme": { - "_id": "AuthScheme", - "config": { - "properties": { - "applicationIdleTimeout": { - "type": "integer", + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "CreatePasswordNode", + "collection": true, + "name": "Create Password", }, - "applicationName": { - "type": "string", + "minPasswordLength": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", }, - "authScheme": { - "items": { - "type": "string", + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", }, - "type": "object", - }, - "logical": false, - "title": "AuthScheme", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthenticateToRealm": { - "_id": "AuthenticateToRealm", - "config": { - "properties": { - "authenticateToRealm": { - "type": "string", + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, }, - "type": "object", - }, - "logical": false, - "title": "AuthenticateToRealm", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthenticateToService": { - "_id": "AuthenticateToService", - "config": { - "properties": { - "authenticateToService": { - "type": "string", + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", }, + "length": 8, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, }, - "type": "object", }, - "logical": false, - "title": "AuthenticateToService", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv4.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "IPv4": { - "_id": "IPv4", - "config": { - "properties": { - "dnsName": { - "items": { - "type": "string", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-DynamicAccountCreation", + "description": "null", + "enabled": true, + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "type": "array", + "displayName": "Provision Dynamic Account", + "nodeType": "ProvisionDynamicAccountNode", + "x": 0, + "y": 0, }, - "endIp": { - "type": "string", + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "connections": { + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + }, + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", + "x": 0, + "y": 0, }, - "startIp": { - "type": "string", + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + "x": 0, + "y": 0, + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "connections": { + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + "x": 0, + "y": 0, + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "connections": { + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + "x": 0, + "y": 0, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + "x": 0, + "y": 0, }, }, - "type": "object", + "uiConfig": {}, }, - "logical": false, - "title": "IPv4", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/IPv6.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/HmacOneTimePassword.journey.json 1`] = ` { - "conditionTypes": { - "IPv6": { - "_id": "IPv6", - "config": { - "properties": { - "dnsName": { - "items": { - "type": "string", + "meta": Any, + "trees": { + "HmacOneTimePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", }, - "endIp": { - "type": "string", + "length": 8, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", }, - "startIp": { - "type": "string", + "passwordExpiryTime": 5, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", }, }, - "type": "object", - }, - "logical": false, - "title": "IPv6", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "LDAPFilter": { - "_id": "LDAPFilter", - "config": { - "properties": { - "ldapFilter": { - "type": "string", + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", }, }, - "type": "object", - }, - "logical": false, - "title": "LDAPFilter", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "LEAuthLevel": { - "_id": "LEAuthLevel", - "config": { - "properties": { - "authLevel": { - "type": "integer", + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", }, - "type": "object", - }, - "logical": false, - "title": "LEAuthLevel", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/NOT.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "condition": { - "properties": {}, - "type": "object", + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", }, }, - "type": "object", }, - "logical": true, - "title": "NOT", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "OAuth2Scope": { - "_id": "OAuth2Scope", - "config": { - "properties": { - "requiredScopes": { - "items": { - "type": "string", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "HmacOneTimePassword", + "description": "null", + "enabled": true, + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "connections": { + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", }, - "type": "array", + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + "x": 743.0625, + "y": 58.5, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + "x": 1109.09375, + "y": 35.859375, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 546.546875, + "y": 35.859375, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 353.9375, + "y": 58.5, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "connections": { + "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + "x": 920.625, + "y": 58.5, + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "connections": { + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 152, + "y": 58.5, }, }, - "type": "object", - }, - "logical": false, - "title": "OAuth2Scope", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/OR.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "conditions": { - "type": "array", + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1326.34375, + "y": 92, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1326.34375, + "y": 25, + }, + "startNode": { + "x": 50, + "y": 58.5, }, }, - "type": "object", + "uiConfig": {}, }, - "logical": true, - "title": "OR", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Policy.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PersistentCookie.journey.json 1`] = ` { - "conditionTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", + "meta": Any, + "trees": { + "PersistentCookie": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", }, - "properties": { - "type": "object", + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, }, - "type": "object", - }, - "logical": false, - "title": "Policy", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "ResourceEnvIP": { - "_id": "ResourceEnvIP", - "config": { - "properties": { - "resourceEnvIPConditionValue": { - "items": { - "type": "string", + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + "_outcomes": [ + { + "displayName": "True", + "id": "true", }, - "type": "array", + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "PersistentCookieDecisionNode", + "collection": true, + "name": "Persistent Cookie Decision", }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, }, - "type": "object", - }, - "logical": false, - "title": "ResourceEnvIP", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Script.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "Script": { - "_id": "Script", - "config": { - "properties": { - "scriptId": { - "type": "string", + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", }, }, - "type": "object", }, - "logical": false, - "title": "Script", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Session.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "Session": { - "_id": "Session", - "config": { - "properties": { - "maxSessionTime": { - "type": "integer", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PersistentCookie", + "description": "null", + "enabled": true, + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "connections": { + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, }, - "terminateSession": { - "required": true, - "type": "boolean", + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + "x": 0, + "y": 0, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", + "x": 0, + "y": 0, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "connections": { + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, }, }, - "type": "object", + "uiConfig": {}, }, - "logical": false, - "title": "Session", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformForgottenUsername.journey.json 1`] = ` { - "conditionTypes": { - "SessionProperty": { - "_id": "SessionProperty", - "config": { - "properties": { - "ignoreValueCase": { - "required": true, - "type": "boolean", - }, - "properties": { - "type": "object", + "meta": Any, + "trees": { + "PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, }, - "type": "object", }, - "logical": false, - "title": "SessionProperty", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "SimpleTime": { - "_id": "SimpleTime", - "config": { - "properties": { - "endDate": { - "type": "string", + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", }, - "endDay": { - "type": "string", + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", }, - "endTime": { - "type": "string", + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", }, - "enforcementTimeZone": { - "type": "string", + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, - "startDate": { - "type": "string", + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", }, - "startDay": { - "type": "string", + "pageHeader": { + "en": "Forgotten Username", }, - "startTime": { - "type": "string", + "stage": "null", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", }, + "identityAttribute": "mail", }, - "type": "object", }, - "logical": false, - "title": "SimpleTime", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/conditionTypes/Transaction.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "Transaction": { - "_id": "Transaction", - "config": { - "properties": { - "authenticationStrategy": { - "type": "string", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, }, - "strategySpecifier": { - "type": "string", + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, }, }, - "type": "object", - }, - "logical": false, - "title": "Transaction", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/cot/Test-COT.cot.saml.json 1`] = ` -{ - "meta": Any, - "saml": { - "cot": { - "Test COT": { - "_id": "Test COT", - "_type": { - "_id": "circlesoftrust", - "collection": true, - "name": "Circle of Trust", - }, - "status": "active", - "trustedProviders": [], - }, - }, - "hosted": {}, - "metadata": {}, - "remote": {}, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` -{ - "decisionCombiners": { - "DenyOverride": { - "_id": "DenyOverride", - "title": "DenyOverride", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/idp/Google-Test.idp.json 1`] = ` -{ - "idp": { - "Google Test": { - "_id": "Google Test", - "_type": { - "_id": "googleConfig", - "collection": true, - "name": "Client configuration for Google.", - }, - "acrValues": [], - "authenticationIdKey": "sub", - "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "clientAuthenticationMethod": "CLIENT_SECRET_POST", - "clientId": "test", - "enableNativeNonce": true, - "enabled": true, - "encryptJwtRequestParameter": false, - "encryptedIdTokens": false, - "issuer": "https://accounts.google.com", - "issuerComparisonCheckType": "EXACT", - "jwtEncryptionAlgorithm": "NONE", - "jwtEncryptionMethod": "NONE", - "jwtRequestParameterOption": "NONE", - "jwtSigningAlgorithm": "NONE", - "pkceMethod": "S256", - "privateKeyJwtExpTime": 600, - "redirectURI": "https://testurl.com", - "responseMode": "DEFAULT", - "revocationCheckOptions": [], - "scopeDelimiter": " ", - "scopes": [ - "openid", - "profile", - "email", - ], - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "transform": "58d29080-4563-480b-89bb-1e7719776a21", - "uiConfig": { - "buttonClass": "", - "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", - "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", - "buttonDisplayName": "Google", - "buttonImage": "images/g-logo.png", - "iconBackground": "#4184f3", - "iconClass": "fa-google", - "iconFontColor": "white", + "uiConfig": {}, }, - "useCustomTrustStore": false, - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - "userInfoResponseType": "JSON", - "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Agent.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformLogin.journey.json 1`] = ` { "meta": Any, "trees": { - "Agent": { + "PlatformLogin": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", "_outcomes": [ { "displayName": "True", @@ -382161,32 +389810,62 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AgentDataStoreDecisionNode", + "_id": "InnerTreeEvaluatorNode", "collection": true, - "name": "Agent Data Store Decision", + "name": "Inner Tree Evaluator", }, + "tree": "PlatformProgressiveProfile", }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", "_outcomes": [ { - "displayName": "Has Credentials", + "displayName": "True", "id": "true", }, { - "displayName": "No Credentials", + "displayName": "False", "id": "false", }, ], "_type": { - "_id": "ZeroPageLoginNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Zero Page Login Collector", + "name": "Data Store Decision", }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", }, }, "saml2Entities": {}, @@ -382194,30 +389873,48 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "Agent", - "description": "null", + "_id": "PlatformLogin", + "description": "Platform Login Tree", "enabled": true, - "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { "connections": { "false": "e301438c-0bd0-429c-ab0c-66126501069a", "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Agent Data Store Decision", - "nodeType": "AgentDataStoreDecisionNode", + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", "x": 0, "y": 0, }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { "connections": { "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + "true": "2838023a-778d-3aec-9c21-2708f721b788", }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", "x": 0, "y": 0, }, @@ -382229,17 +389926,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Example.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformProgressiveProfile.journey.json 1`] = ` { "meta": Any, "trees": { - "Example": { + "PlatformProgressiveProfile": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", "_outcomes": [ { "displayName": "Outcome", @@ -382247,13 +389943,22 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PasswordCollectorNode", + "_id": "AttributeCollectorNode", "collection": true, - "name": "Password Collector", + "name": "Attribute Collector", }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", "_outcomes": [ { "displayName": "True", @@ -382265,13 +389970,15 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "QueryFilterDecisionNode", "collection": true, - "name": "Data Store Decision", + "name": "Query Filter Decision", }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", "_outcomes": [ { "displayName": "Outcome", @@ -382279,32 +389986,65 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "UsernameCollectorNode", + "_id": "PageNode", "collection": true, - "name": "Username Collector", + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", }, + "stage": "null", }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", "_outcomes": [ { - "displayName": "Has Credentials", + "displayName": "True", "id": "true", }, { - "displayName": "No Credentials", + "displayName": "False", "id": "false", }, ], "_type": { - "_id": "ZeroPageLoginNode", + "_id": "LoginCountDecisionNode", "collection": true, - "name": "Zero Page Login Collector", + "name": "Login Count Decision", }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, }, }, "saml2Entities": {}, @@ -382312,48 +390052,49 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "Example", - "description": "null", + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", "enabled": true, - "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { "connections": { - "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", "x": 0, "y": 0, }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "6c8349cc-7260-3e62-a3b1-396831a8398f": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", + "displayName": "Page Node", + "nodeType": "PageNode", "x": 0, "y": 0, }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { "connections": { - "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", "x": 0, "y": 0, }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { "connections": { - "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", "x": 0, "y": 0, }, @@ -382365,62 +390106,88 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformRegistration.journey.json 1`] = ` { "meta": Any, "trees": { - "Facebook-ProvisionIDMAccount": { + "PlatformRegistration": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", "_outcomes": [ { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", + "displayName": "Outcome", + "id": "outcome", }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ { - "displayName": "No account exists", - "id": "NO_ACCOUNT", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "SocialFacebookNode", + "_id": "ValidatedPasswordNode", "collection": true, - "name": "Social Facebook", + "name": "Platform Password", }, - "authenticationIdKey": "id", - "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", - "cfgAccountMapperConfiguration": { - "id": "iplanet-am-user-alias-list", + "passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "first_name": "givenName", - "id": "iplanet-am-user-alias-list", - "last_name": "sn", - "name": "cn", + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "facebook", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "public_profile,email", - "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", - "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", "_outcomes": [ { "displayName": "Outcome", @@ -382428,11 +390195,96 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ProvisionIdmAccountNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Provision IDM Account", + "name": "Platform Username", }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", }, }, "saml2Entities": {}, @@ -382440,29 +390292,38 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "Facebook-ProvisionIDMAccount", - "description": "null", + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", "enabled": true, - "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Facebook Social Authentication", - "nodeType": "SocialFacebookNode", + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", "x": 0, "y": 0, }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", }, - "displayName": "Provision IDM Account", - "nodeType": "ProvisionIdmAccountNode", + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + "x": 0, + "y": 0, + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", "x": 0, "y": 0, }, @@ -382474,17 +390335,54 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-AnonymousUser.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformResetPassword.journey.json 1`] = ` { "meta": Any, "trees": { - "Google-AnonymousUser": { + "PlatformResetPassword": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", "_outcomes": [ { "displayName": "Outcome", @@ -382492,59 +390390,75 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "SetSuccessUrlNode", + "_id": "PageNode", "collection": true, - "name": "Success URL", + "name": "Page Node", }, - "successUrl": "https://www.forgerock.com/", + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", "_outcomes": [ { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", + "displayName": "True", + "id": "true", }, { - "displayName": "No account exists", - "id": "NO_ACCOUNT", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "SocialGoogleNode", + "_id": "IdentifyExistingUserNode", "collection": true, - "name": "Social Google", + "name": "Identify Existing User", }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", + "pageDescription": { + "en": "Enter your email address or Sign in", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", "_outcomes": [ { "displayName": "Outcome", @@ -382552,11 +390466,39 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AnonymousUserNode", + "_id": "EmailSuspendNode", "collection": true, - "name": "Anonymous User Mapping", + "name": "Email Suspend Node", }, - "anonymousUserName": "anonymous", + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, }, }, "saml2Entities": {}, @@ -382564,38 +390506,57 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "Google-AnonymousUser", - "description": "null", + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", "enabled": true, - "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", }, - "displayName": "Set Success URL", - "nodeType": "SetSuccessUrlNode", + "displayName": "Page Node", + "nodeType": "PageNode", "x": 0, "y": 0, }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { + "072b030b-a126-32f4-b237-4f342be9ed44": { "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", "x": 0, "y": 0, }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { "connections": { - "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", }, - "displayName": "Map to Anonymous User", - "nodeType": "AnonymousUserNode", + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", "x": 0, "y": 0, }, @@ -382607,17 +390568,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/Google-DynamicAccountCreation.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformUpdatePassword.journey.json 1`] = ` { "meta": Any, "trees": { - "Google-DynamicAccountCreation": { + "PlatformUpdatePassword": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", "_outcomes": [ { "displayName": "Outcome", @@ -382625,14 +390585,15 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ProvisionDynamicAccountNode", + "_id": "ValidatedPasswordNode", "collection": true, - "name": "Provision Dynamic Account", + "name": "Platform Password", }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "passwordAttribute": "password", + "validateInput": false, }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", "_outcomes": [ { "displayName": "Outcome", @@ -382640,59 +390601,76 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "CreatePasswordNode", + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", "collection": true, - "name": "Create Password", + "name": "Attribute Present Decision", }, - "minPasswordLength": 0, + "identityAttribute": "userName", + "presentAttribute": "password", }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", "_outcomes": [ { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "SocialGoogleNode", + "_id": "EmailSuspendNode", "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", + "name": "Email Suspend Node", }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", "_outcomes": [ { "displayName": "Outcome", @@ -382700,47 +390678,51 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "OneTimePasswordSmtpSenderNode", + "_id": "PageNode", "collection": true, - "name": "OTP Email Sender", + "name": "Page Node", }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", }, - "emailSubject": { - "en": "Your One Time Password", + "pageHeader": { + "en": "Verify Existing Password", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", + "stage": "null", }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", "_outcomes": [ { - "displayName": "Retry", - "id": "Retry", + "displayName": "Patched", + "id": "PATCHED", }, { - "displayName": "Reject", - "id": "Reject", + "displayName": "Failed", + "id": "FAILURE", }, ], "_type": { - "_id": "RetryLimitDecisionNode", + "_id": "PatchObjectNode", "collection": true, - "name": "Retry Limit Decision", + "name": "Patch Object", }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", "_outcomes": [ { "displayName": "Outcome", @@ -382748,30 +390730,40 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "OneTimePasswordGeneratorNode", + "_id": "PageNode", "collection": true, - "name": "HOTP Generator", + "name": "Page Node", }, - "length": 8, - }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", - "_outcomes": [ + "nodes": [ { - "displayName": "True", - "id": "true", + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ { - "displayName": "False", - "id": "false", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", + "_id": "SessionDataNode", "collection": true, - "name": "OTP Collector Decision", + "name": "Get Session Data", }, - "passwordExpiryTime": 5, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", }, }, "saml2Entities": {}, @@ -382779,76 +390771,76 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "Google-DynamicAccountCreation", - "description": "null", + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", "enabled": true, - "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", }, - "displayName": "Provision Dynamic Account", - "nodeType": "ProvisionDynamicAccountNode", + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", "x": 0, "y": 0, }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { "connections": { - "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", }, - "displayName": "Create Password", - "nodeType": "CreatePasswordNode", + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", "x": 0, "y": 0, }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", "x": 0, "y": 0, }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { "connections": { - "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", + "displayName": "Page Node", + "nodeType": "PageNode", "x": 0, "y": 0, }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { "connections": { - "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", - "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", "x": 0, "y": 0, }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { "connections": { - "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", + "displayName": "Page Node", + "nodeType": "PageNode", "x": 0, "y": 0, }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { "connections": { - "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", "x": 0, "y": 0, }, @@ -382860,17 +390852,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/HmacOneTimePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/RetryLimit.journey.json 1`] = ` { "meta": Any, "trees": { - "HmacOneTimePassword": { + "RetryLimit": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": {}, "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", "_outcomes": [ { "displayName": "Outcome", @@ -382878,51 +390870,33 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", - }, - "length": 8, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "OTP Collector Decision", + "name": "Username Collector", }, - "passwordExpiryTime": 5, }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Retry", + "id": "Retry", }, { - "displayName": "False", - "id": "false", + "displayName": "Reject", + "id": "Reject", }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "RetryLimitDecisionNode", "collection": true, - "name": "Data Store Decision", + "name": "Retry Limit Decision", }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", "_outcomes": [ { "displayName": "Outcome", @@ -382935,36 +390909,26 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "name": "Password Collector", }, }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "OneTimePasswordSmtpSenderNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "OTP Email Sender", - }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", - }, - "emailSubject": { - "en": "Your One Time Password", + "name": "Data Store Decision", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", "_outcomes": [ { "displayName": "Outcome", @@ -382972,10 +390936,11 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "UsernameCollectorNode", + "_id": "AccountLockoutNode", "collection": true, - "name": "Username Collector", + "name": "Account Lockout", }, + "lockAction": "LOCK", }, }, "saml2Entities": {}, @@ -382983,82 +390948,59 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "HmacOneTimePassword", + "_id": "RetryLimit", "description": "null", "enabled": true, - "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "connections": { - "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", - }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 743.0625, - "y": 58.5, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 1109.09375, - "y": 35.859375, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 546.546875, - "y": 35.859375, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { "connections": { - "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", }, "displayName": "Password Collector", "nodeType": "PasswordCollectorNode", - "x": 353.9375, - "y": 58.5, + "x": 0, + "y": 0, }, - "98f13708-2101-34c4-b568-7be6106a3b84": { + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { "connections": { - "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 920.625, - "y": 58.5, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "d3d94468-02a4-3259-b55d-38e6d163e820": { "connections": { - "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 152, - "y": 58.5, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1326.34375, - "y": 92, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1326.34375, - "y": 25, - }, - "startNode": { - "x": 50, - "y": 58.5, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + "x": 0, + "y": 0, }, }, "uiConfig": {}, @@ -383068,17 +391010,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PersistentCookie.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/oath_registration.journey.json 1`] = ` { "meta": Any, "trees": { - "PersistentCookie": { + "oath_registration": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "innerNodes": { + "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c": { + "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", "_outcomes": [ { "displayName": "Outcome", @@ -383086,13 +391027,15 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "UsernameCollectorNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Username Collector", + "name": "Platform Username", }, + "usernameAttribute": "userName", + "validateInput": false, }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f": { + "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", "_outcomes": [ { "displayName": "Outcome", @@ -383100,19 +391043,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "SetPersistentCookieNode", + "_id": "ValidatedPasswordNode", "collection": true, - "name": "Set Persistent Cookie", + "name": "Platform Password", }, - "hmacSigningKey": null, - "idleTimeout": 5, - "maxLife": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, + "passwordAttribute": "password", + "validateInput": false, }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + }, + "nodes": { + "35ca2418-908d-4b92-9320-ef8576851abb": { + "_id": "35ca2418-908d-4b92-9320-ef8576851abb", "_outcomes": [ { "displayName": "True", @@ -383124,48 +391065,98 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PersistentCookieDecisionNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Persistent Cookie Decision", + "name": "Data Store Decision", }, - "enforceClientIp": false, - "hmacSigningKey": null, - "idleTimeout": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "_id": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", }, ], "_type": { - "_id": "PasswordCollectorNode", + "_id": "OathRegistrationNode", "collection": true, - "name": "Password Collector", + "name": "OATH Registration", }, + "accountName": "USERNAME", + "addChecksum": false, + "algorithm": "TOTP", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "minSharedSecretLength": 32, + "passwordLength": "SIX_DIGITS", + "postponeDeviceProfileStorage": false, + "scanQRCodeMessage": {}, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "truncationOffset": -1, }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "_id": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Success", + "id": "successOutcome", }, { - "displayName": "False", - "id": "false", + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Not registered", + "id": "notRegisteredOutcome", }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "OathTokenVerifierNode", "collection": true, - "name": "Data Store Decision", + "name": "OATH Token Verifier", + }, + "algorithm": "TOTP", + "hotpWindowSize": 100, + "isRecoveryCodeAllowed": false, + "maximumAllowedClockDrift": 5, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "totpTimeSteps": 2, + }, + "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "_id": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, + "nodes": [ + { + "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, }, }, "saml2Entities": {}, @@ -383173,59 +391164,64 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PersistentCookie", - "description": "null", + "_id": "oath_registration", "enabled": true, - "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", - "identityResource": "null", + "entryNodeId": "fc5481db-cbee-479f-915a-2b40c54ce04e", "innerTreeOnly": false, "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "35ca2418-908d-4b92-9320-ef8576851abb": { "connections": { - "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 416, + "y": 161, }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", }, - "displayName": "Set Persistent Cookie", - "nodeType": "SetPersistentCookieNode", - "x": 0, - "y": 0, + "displayName": "OATH Registration", + "nodeType": "OathRegistrationNode", + "x": 717, + "y": 290, }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "notRegisteredOutcome": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "successOutcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Persistent Cookie Decision", - "nodeType": "PersistentCookieDecisionNode", - "x": 0, - "y": 0, + "displayName": "OATH Token Verifier", + "nodeType": "OathTokenVerifierNode", + "x": 689, + "y": 102, }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "fc5481db-cbee-479f-915a-2b40c54ce04e": { "connections": { - "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "outcome": "35ca2418-908d-4b92-9320-ef8576851abb", }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 202, + "y": 139, }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1103, + "y": 47, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1100, + "y": 240, + }, + "startNode": { + "x": 50, + "y": 25, }, }, "uiConfig": {}, @@ -383235,16 +391231,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformForgottenUsername.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/push_registration.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformForgottenUsername": { + "push_registration": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": { - "d82c8d16-19ad-3176-9665-453cfb2e55f0": { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9": { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", "_outcomes": [ { "displayName": "Outcome", @@ -383252,21 +391248,61 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AttributeCollectorNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Attribute Collector", + "name": "Platform Username", }, - "attributesToCollect": [ - "mail", + "usernameAttribute": "userName", + "validateInput": false, + }, + "7ab18633-6eb0-455d-97ff-40ff7db4862a": { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, }, }, "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "_id": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { + "_id": "0e161d10-c2d1-4196-8b41-59f80be4a587", "_outcomes": [ { "displayName": "True", @@ -383278,79 +391314,115 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "InnerTreeEvaluatorNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Inner Tree Evaluator", + "name": "Data Store Decision", }, - "tree": "PlatformLogin", }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "_id": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Sent", + "id": "SENT", + }, + { + "displayName": "Not Registered", + "id": "NOT_REGISTERED", + }, + { + "displayName": "Skipped", + "id": "SKIPPED", }, ], "_type": { - "_id": "EmailSuspendNode", + "_id": "PushAuthenticationSenderNode", "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + "name": "Push Sender", }, - "emailTemplateName": "forgottenUsername", - "identityAttribute": "mail", - "objectLookup": true, + "captureFailure": false, + "contextInfo": false, + "customPayload": [], + "mandatory": false, + "messageTimeout": 120000, + "pushType": "DEFAULT", + "userMessage": {}, }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "527e6b31-01db-409c-8f52-01a5b7f48737": { + "_id": "527e6b31-01db-409c-8f52-01a5b7f48737", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Success", + "id": "TRUE", + }, + { + "displayName": "Failure", + "id": "FALSE", + }, + { + "displayName": "Expired", + "id": "EXPIRED", + }, + { + "displayName": "Waiting", + "id": "WAITING", }, ], "_type": { - "_id": "PageNode", + "_id": "PushResultVerifierNode", "collection": true, - "name": "Page Node", + "name": "Push Result Verifier Node", }, - "nodes": [ + }, + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "_id": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "_outcomes": [ { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Time Out", + "id": "timeoutOutcome", }, ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Forgotten Username", + "_type": { + "_id": "PushRegistrationNode", + "collection": true, + "name": "Push Registration", }, - "stage": "null", + "accountName": "USERNAME", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "scanQRCodeMessage": {}, + "timeout": 60, }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "_id": "ccb48486-0d8e-475d-a002-29d0bfa1177a", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Done", + "id": "DONE", }, { - "displayName": "False", - "id": "false", + "displayName": "Exit", + "id": "EXITED", }, ], "_type": { - "_id": "IdentifyExistingUserNode", + "_id": "PushWaitNode", "collection": true, - "name": "Identify Existing User", + "name": "Push Wait Node", }, - "identityAttribute": "mail", + "challengeMessage": {}, + "exitMessage": {}, + "secondsToWait": 5, + "waitingMessage": {}, }, }, "saml2Entities": {}, @@ -383358,50 +391430,84 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformForgottenUsername", - "description": "Forgotten Username Tree", + "_id": "push_registration", "enabled": true, - "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", - "identityResource": "null", + "entryNodeId": "07bc635b-5a3f-461b-87ee-e76c9fa22738", "innerTreeOnly": false, "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "connections": {}, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 180, + "y": 133, + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 406, + "y": 126, }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { "connections": { - "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "NOT_REGISTERED": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "SENT": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "SKIPPED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, + "displayName": "Push Sender", + "nodeType": "PushAuthenticationSenderNode", + "x": 647, + "y": 79, }, - "a684ecee-e76f-3522-b732-86a895bc8436": { + "527e6b31-01db-409c-8f52-01a5b7f48737": { "connections": { - "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "EXPIRED": "e301438c-0bd0-429c-ab0c-66126501069a", + "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", + "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "WAITING": "e301438c-0bd0-429c-ab0c-66126501069a", }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "displayName": "Push Result Verifier Node", + "nodeType": "PushResultVerifierNode", + "x": 1016, + "y": 122, }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { "connections": { - "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + "timeoutOutcome": "07bc635b-5a3f-461b-87ee-e76c9fa22738", }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, + "displayName": "Push Registration", + "nodeType": "PushRegistrationNode", + "x": 639, + "y": 299, + }, + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "connections": { + "DONE": "527e6b31-01db-409c-8f52-01a5b7f48737", + "EXITED": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + }, + "displayName": "Push Wait Node", + "nodeType": "PushWaitNode", + "x": 823, + "y": 126, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1245, + "y": 35, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1292, + "y": 172, + }, + "startNode": { + "x": 57, + "y": 22, }, }, "uiConfig": {}, @@ -383411,16 +391517,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformLogin.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/six.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformLogin": { + "six": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "642e92ef-b794-3173-8881-b53e1e1b18b6": { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "innerNodes": {}, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + "_id": "295a70ba-2b67-4a48-bf13-237ce0a55450", "_outcomes": [ { "displayName": "Outcome", @@ -383428,15 +391535,15 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedPasswordNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Platform Password", + "name": "Platform Username", }, - "passwordAttribute": "password", + "usernameAttribute": "userName", "validateInput": false, }, - "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "_id": "4a77788d-d443-4646-ac52-5cb9f2207a8a", "_outcomes": [ { "displayName": "Outcome", @@ -383451,10 +391558,8 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "usernameAttribute": "userName", "validateInput": false, }, - }, - "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "_id": "5883ff1e-80dd-49f5-a609-120303e1b0cd", "_outcomes": [ { "displayName": "Outcome", @@ -383462,132 +391567,167 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "IncrementLoginCountNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Increment Login Count", + "name": "Platform Username", }, - "identityAttribute": "userName", + "usernameAttribute": "userName", + "validateInput": false, }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "_id": "59129227-f192-4ff4-a7b4-bc7690b82d4f", "_outcomes": [ { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "InnerTreeEvaluatorNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Inner Tree Evaluator", + "name": "Platform Username", }, - "tree": "PlatformProgressiveProfile", + "usernameAttribute": "userName", + "validateInput": false, }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "_id": "6a1aa88f-25f8-4d40-8008-bfc6684b2a58", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Outcome", + "id": "outcome", }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "_id": "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5", + "_outcomes": [ { - "displayName": "False", - "id": "false", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Data Store Decision", + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "six", + "enabled": true, + "entryNodeId": "e301438c-0bd0-429c-ab0c-66126501069a", + "innerTreeOnly": false, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 488, + "y": 57.890625, + }, + "4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 494, + "y": 458.890625, + }, + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 446, + "y": 298.890625, + }, + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 482, + "y": 220.890625, + }, + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 461, + "y": 369.890625, + }, + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + "x": 499, + "y": 139.890625, }, }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 50, + "y": 117, }, - "nodes": [ - { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "New here? Create an account
Forgot username? Forgot password?", + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 152, + "y": 25, }, - "pageHeader": { - "en": "Sign In", + "startNode": { + "x": 50, + "y": 25, }, - "stage": "null", }, + "uiConfig": {}, }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/test.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "test": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": {}, "saml2Entities": {}, "scripts": {}, "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformLogin", - "description": "Platform Login Tree", + "_id": "test", "enabled": true, - "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", - "identityResource": "null", + "entryNodeId": "d26176be-ea6f-4f2a-81cd-3d41dd6cee4d", "innerTreeOnly": false, - "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "connections": { - "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", - }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, + "nodes": {}, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 50, + "y": 117, }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "2838023a-778d-3aec-9c21-2708f721b788", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 152, + "y": 25, }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "connections": { - "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "startNode": { + "x": 50, + "y": 25, }, }, "uiConfig": {}, @@ -383597,16 +391737,16 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformProgressiveProfile.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/webauthn_registration.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformProgressiveProfile": { + "webauthn_registration": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": { - "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "08faa9c0-7c19-454a-a4e1-0692d94615f6": { + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", "_outcomes": [ { "displayName": "Outcome", @@ -383614,42 +391754,78 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AttributeCollectorNode", + "_id": "ValidatedUsernameNode", "collection": true, - "name": "Attribute Collector", + "name": "Platform Username", }, - "attributesToCollect": [ - "preferences/updates", - "preferences/marketing", + "usernameAttribute": "userName", + "validateInput": false, + }, + "3334a349-b2ea-42e0-86b8-9f6c39d43dad": { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, ], - "identityAttribute": "userName", - "required": false, - "validateInputs": false, + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, }, }, "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { - "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "_id": "72ef6e1d-930c-4bed-922a-850815d98ea1", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Unsupported", + "id": "unsupported", }, { - "displayName": "False", - "id": "false", + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", }, ], "_type": { - "_id": "QueryFilterDecisionNode", + "_id": "WebAuthnRegistrationNode", "collection": true, - "name": "Query Filter Decision", + "name": "WebAuthn Registration Node", }, - "identityAttribute": "userName", - "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", + "acceptedSigningAlgorithms": [ + "ES256", + "RS256", + ], + "asScript": true, + "attestationPreference": "NONE", + "authenticatorAttachment": "UNSPECIFIED", + "enforceRevocationCheck": false, + "excludeCredentials": false, + "generateRecoveryCodes": true, + "maxSavedDevices": 0, + "origins": [], + "postponeDeviceProfileStorage": false, + "relyingPartyName": "ForgeRock", + "requiresResidentKey": false, + "storeAttestationDataInTransientState": false, + "timeout": 60, + "trustStoreAlias": "trustalias", + "userVerificationRequirement": "PREFERRED", }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { - "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "807106ff-fb66-469e-93bb-4e0834f6c875": { + "_id": "807106ff-fb66-469e-93bb-4e0834f6c875", "_outcomes": [ { "displayName": "Outcome", @@ -383663,19 +391839,21 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, "nodes": [ { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", }, ], "pageDescription": {}, - "pageHeader": { - "en": "Please select your preferences", - }, - "stage": "null", + "pageHeader": {}, }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { - "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "878eb28e-41b2-4bd7-9256-80ed427bd168": { + "_id": "878eb28e-41b2-4bd7-9256-80ed427bd168", "_outcomes": [ { "displayName": "True", @@ -383687,35 +391865,46 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "LoginCountDecisionNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Login Count Decision", + "name": "Data Store Decision", }, - "amount": 3, - "identityAttribute": "userName", - "interval": "AT", }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { - "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "_id": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", "_outcomes": [ { - "displayName": "Patched", - "id": "PATCHED", + "displayName": "Unsupported", + "id": "unsupported", }, { - "displayName": "Failed", - "id": "FAILURE", + "displayName": "No Device Registered", + "id": "noDevice", + }, + { + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", }, ], "_type": { - "_id": "PatchObjectNode", + "_id": "WebAuthnAuthenticationNode", "collection": true, - "name": "Patch Object", + "name": "WebAuthn Authentication Node", }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, + "asScript": true, + "isRecoveryCodeAllowed": false, + "origins": [], + "requiresResidentKey": false, + "timeout": 60, + "userVerificationRequirement": "PREFERRED", }, }, "saml2Entities": {}, @@ -383723,51 +391912,68 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformProgressiveProfile", - "description": "Prompt for missing preferences on 3rd login", + "_id": "webauthn_registration", "enabled": true, - "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", - "identityResource": "null", + "entryNodeId": "807106ff-fb66-469e-93bb-4e0834f6c875", "innerTreeOnly": false, "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "72ef6e1d-930c-4bed-922a-850815d98ea1": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "success": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", }, - "displayName": "Query Filter Decision", - "nodeType": "QueryFilterDecisionNode", - "x": 0, - "y": 0, + "displayName": "WebAuthn Registration Node", + "nodeType": "WebAuthnRegistrationNode", + "x": 629, + "y": 266, }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "807106ff-fb66-469e-93bb-4e0834f6c875": { "connections": { - "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "outcome": "878eb28e-41b2-4bd7-9256-80ed427bd168", }, "displayName": "Page Node", "nodeType": "PageNode", - "x": 0, - "y": 0, + "x": 192, + "y": 156, }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "878eb28e-41b2-4bd7-9256-80ed427bd168": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", }, - "displayName": "Login Count Decision", - "nodeType": "LoginCountDecisionNode", - "x": 0, - "y": 0, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 396, + "y": 157, }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "noDevice": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "success": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, + "displayName": "WebAuthn Authentication Node", + "nodeType": "WebAuthnAuthenticationNode", + "x": 608, + "y": 24, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1200, + "y": 34, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1206, + "y": 135, + }, + "startNode": { + "x": 76, + "y": 98, }, }, "uiConfig": {}, @@ -383777,5556 +391983,7516 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformRegistration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/oauth2.app/test-client.oauth2.app.json 1`] = ` +{ + "application": { + "test client": { + "_id": "test client", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "secretLabelIdentifier": null, + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policy/Test-Policy.policy.json 1`] = ` +{ + "meta": Any, + "policy": { + "Test Policy": { + "_id": "Test Policy", + "actionValues": {}, + "active": true, + "applicationName": "iPlanetAMWebAgentService", + "createdBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": "2024-06-27T17:07:04.220Z", + "description": "", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": "2024-10-09T21:36:26.771Z", + "name": "Test Policy", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/*?*", + ], + "subject": { + "subjects": [ + { + "type": "NONE", + }, + { + "subjectValues": [ + "id=phales,ou=user,dc=openam,dc=forgerock,dc=org", + ], + "type": "Identity", + }, + ], + "type": "AND", + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/iPlanetAMWebAgentService.policyset.json 1`] = ` +{ + "meta": Any, + "policyset": { + "iPlanetAMWebAgentService": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1718897366825, + "description": "The built-in Application used by OpenAM Policy Agents.", + "displayName": "Default Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786744, + "name": "iPlanetAMWebAgentService", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/oauth2Scopes.policyset.json 1`] = ` +{ + "meta": Any, + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1718897366918, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786761, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` +{ + "meta": Any, + "resourcetype": { + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1517161800564, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2 policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786611, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/URL.resourcetype.json 1`] = ` { "meta": Any, - "trees": { - "PlatformRegistration": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1422892465848, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786629, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/saml/Test-Entity.saml.json 1`] = ` +{ + "meta": Any, + "saml": { + "cot": {}, + "hosted": { + "VGVzdCBFbnRpdHk": { + "_id": "VGVzdCBFbnRpdHk", + "entityId": "Test Entity", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "givenName", - "sn", - "mail", - "preferences/marketing", - "preferences/updates", - ], - "identityAttribute": "userName", - "required": true, - "validateInputs": true, - }, - "1c383cd3-0b7c-398a-b502-93adfecb7b18": { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "idpAdapter": { + "idpAdapterScript": "[Empty]", }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "http://localhost:8080/am/idpsaehandler/metaAlias/test", }, - ], - "_type": { - "_id": "AcceptTermsAndConditionsNode", - "collection": true, - "name": "Accept Terms and Conditions", + "sessionSynchronization": {}, }, - }, - "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, }, - ], - "_type": { - "_id": "KbaCreateNode", - "collection": true, - "name": "KBA Definition", - }, - "allowUserDefinedQuestions": true, - "message": { - "en": "Select a security question", - }, - }, - "e369853d-f766-3a44-a1ed-0ff613f563bd": { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": true, - }, - }, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", }, - "identityAttribute": "userName", - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", - "_outcomes": [ - { - "displayName": "Created", - "id": "CREATED", + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", }, - { - "displayName": "Failed", - "id": "FAILURE", + "attributeMapper": { + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", }, - ], - "_type": { - "_id": "CreateObjectNode", - "collection": true, - "name": "Create Object", + "localConfiguration": {}, }, - "identityResource": "managed/user", - }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/AIDReqSoap/IDPRole/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "http://localhost:8080/am/AIDReqUri/IDPRole/metaAlias/test", + }, + ], + "metaAlias": "/test", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/NIMSoap/metaAlias/test", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/ArtifactResolver/metaAlias/test", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPMniSoap/metaAlias/test", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPSloSoap/metaAlias/test", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SSORedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SSOPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SSOSoap/metaAlias/test", + }, + ], }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", }, - "nodes": [ - { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", + }, + "serviceProvider": { + "advanced": { + "ecpConfiguration": { + "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", }, - { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "idpProxy": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "spUrl": "http://localhost:8080/am/spsaehandler/metaAlias/test2", }, - { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + }, + "assertionContent": { + "assertionTimeSkew": 300, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "defaultItem": true, + "level": 0, + }, + ], + "authenticationComparisonType": "Exact", + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", + "includeRequestedAuthenticationContext": true, }, - { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "displayName": "KBA Definition", - "nodeType": "KbaCreateNode", + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], }, - { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "displayName": "Accept Terms and Conditions", - "nodeType": "AcceptTermsAndConditionsNode", + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, }, - ], - "pageDescription": { - "en": "Signing up is fast and easy.
Already have an account?Sign In", - }, - "pageHeader": { - "en": "Sign Up", }, - "stage": "null", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformRegistration", - "description": "Platform Registration Tree", - "enabled": true, - "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "assertionProcessing": { + "accountMapping": { + "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "connections": { - "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "adapter": { + "spAdapterScript": "[Empty]", }, - "displayName": "Create Object", - "nodeType": "CreateObjectNode", - "x": 0, - "y": 0, + "attributeMapper": { + "attributeMap": [ + { + "key": "*", + "value": "*", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", + }, + "autoFederation": {}, + "responseArtifactMessageEncoding": { + "encoding": "URI", + }, + "url": {}, }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "connections": { - "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "services": { + "metaAlias": "/test2", + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "index": 0, + "isDefault": true, + "location": "http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 1, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/ECP/metaAlias/test2", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPSloSoap/metaAlias/test2", + }, + ], }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, }, }, - "uiConfig": {}, }, }, + "metadata": { + "VGVzdCBFbnRpdHk": [ + "", + "", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + }, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.js 1`] = ` +"/* + * Copyright 2014-2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ +import com.iplanet.sso.SSOException +import com.sun.identity.idm.IdRepoException +import org.forgerock.oauth2.core.exceptions.InvalidRequestException +import org.forgerock.oauth2.core.UserInfoClaims +import org.forgerock.openidconnect.Claim + +/* +* Defined variables: +* logger - always presents, the "OAuth2Provider" debug logger instance +* claims - always present, default server provided claims - Map +* claimObjects - always present, default server provided claims - List +* session - present if the request contains the session cookie, the user's session object +* identity - always present, the identity of the resource owner +* scopes - always present, the requested scopes +* scriptName - always present, the display name of the script +* requestProperties - always present, contains a map of request properties: +* requestUri - the request URI +* realm - the realm that the request relates to +* requestParams - a map of the request params and/or posted data. Each value is a list of one or +* more properties. Please note that these should be handled in accordance with OWASP best practices. +* clientProperties - present if the client specified in the request was identified, contains a map of client +* properties: +* clientId - the client's Uri for the request locale +* allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) +* for the client +* allowedResponseTypes - list of the allowed response types for the client +* allowedScopes - list of the allowed scopes for the client +* customProperties - A map of the custom properties of the client. +* Lists or maps will be included as sub-maps, e.g: +* testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 +* requestedClaims - Map> +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, map of requested claims to possible values, otherwise empty, +* requested claims with no requested values will have a key but no value in the map. A key with +* a single value in its Set indicates this is the only value that should be returned. +* requestedTypedClaims - List +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, list of requested claims with claim name, requested possible values +* and if claim is essential, otherwise empty, +* requested claims with no requested values will have a claim with no values. A claims with +* a single value indicates this is the only value that should be returned. +* claimsLocales - the values from the 'claims_locales' parameter - List +* Required to return a Map of claims to be added to the id_token claims +* +* Expected return value structure: +* UserInfoClaims { +* Map values; // The values of the claims for the user information +* Map> compositeScopes; // Mapping of scope name to a list of claim names. +* } +*/ + +// user session not guaranteed to be present +boolean sessionPresent = session != null + +/* + * Pulls first value from users profile attribute + * + * @param claim The claim object. + * @param attr The profile attribute name. + */ +def fromSet = { claim, attr -> + if (attr != null && attr.size() == 1){ + attr.iterator().next() + } else if (attr != null && attr.size() > 1){ + attr + } else if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim"); + } +} + +// ---vvvvvvvvvv--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---vvvvvvvvvv--- +/* + * Claim resolver which resolves the value of the claim from its requested values. + * + * This resolver will return a value if the claim has one requested values, otherwise an exception is thrown. + */ +defaultClaimResolver = { claim -> + if (claim.getValues().size() == 1) { + [(claim.getName()): claim.getValues().iterator().next()] + } else { + [:] + } +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If no match is found an exception is thrown. + */ +userProfileClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim of the user's address. + * + * This resolver will return a value for the claim if: + * # the value of the address is not null + * + */ +userAddressClaimResolver = { claim, identity -> + if (identity != null) { + addressFormattedValue = fromSet(claim.getName(), identity.getAttribute("postaladdress")) + if (addressFormattedValue != null) { + return [ + "formatted" : addressFormattedValue + ] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If the claim is essential and no value is found an InvalidRequestException will be thrown and returned to the user. + * If no match is found an exception is thrown. + */ +essentialClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (claim.isEssential() && (userProfileValue == null || userProfileValue.isEmpty())) { + throw new InvalidRequestException("Could not provide value for essential claim $claim") + } + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the list of requested languages from the 'claims_locales' authorize request + * parameter and attempt to match it to a value from the users' profile attribute. + * If no match is found an exception is thrown. + */ +claimLocalesClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + locale = claimsLocales.find { locale -> localeValues.containsKey(locale) } + if (locale != null) { + return [(claim.getName()): localeValues.get(locale)] + } + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the language tag specified in the claim object and attempt to match it to a value + * from the users' profile attribute. If no match is found an exception is thrown. + */ +languageTagClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + if (claim.getLocale() != null) { + if (localeValues.containsKey(claim.getLocale())) { + return [(claim.getName()): localeValues.get(claim.getLocale())] + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName() + "#" + entry.getKey()): entry.getValue()] + } + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName()): entry.getValue()] + } + } + } + return [:] +} + +/* + * Given a string "en|English,jp|Japenese,fr_CA|French Canadian" will return map of locale -> value. + */ +parseLocaleAwareString = { s -> + return result = s.split(",").collectEntries { entry -> + split = entry.split("\\\\|") + [(split[0]): value = split[1]] + } +} +// ---^^^^^^^^^^--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---^^^^^^^^^^--- + +// -------------- UPDATE THIS TO CHANGE CLAIM TO ATTRIBUTE MAPPING FUNCTIONS --------------- +/* + * List of claim resolver mappings. + */ +// [ {claim}: {attribute retriever}, ... ] +claimAttributes = [ + "email": userProfileClaimResolver.curry("mail"), + "address": { claim, identity -> [ "address" : userAddressClaimResolver(claim, identity) ] }, + "phone_number": userProfileClaimResolver.curry("telephonenumber"), + "given_name": userProfileClaimResolver.curry("givenname"), + "zoneinfo": userProfileClaimResolver.curry("preferredtimezone"), + "family_name": userProfileClaimResolver.curry("sn"), + "locale": userProfileClaimResolver.curry("preferredlocale"), + "name": userProfileClaimResolver.curry("cn") +] + + +// -------------- UPDATE THIS TO CHANGE SCOPE TO CLAIM MAPPINGS -------------- +/* + * Map of scopes to claim objects. + */ +// {scope}: [ {claim}, ... ] +scopeClaimsMap = [ + "email": [ "email" ], + "address": [ "address" ], + "phone": [ "phone_number" ], + "profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ] +] + + +// ---------------- UPDATE BELOW FOR ADVANCED USAGES ------------------- +if (logger.messageEnabled()) { + scopes.findAll { s -> !("openid".equals(s) || scopeClaimsMap.containsKey(s)) }.each { s -> + logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s") + } +} + +/* + * Computes the claims return key and value. The key may be a different value if the claim value is not in + * the requested language. + */ +def computeClaim = { claim -> + try { + claimResolver = claimAttributes.get(claim.getName(), { claimObj, identity -> defaultClaimResolver(claim)}) + claimResolver(claim, identity) + } catch (IdRepoException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } catch (SSOException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } +} + +/* + * Converts requested scopes into claim objects based on the scope mappings in scopeClaimsMap. + */ +def convertScopeToClaims = { + scopes.findAll { scope -> "openid" != scope && scopeClaimsMap.containsKey(scope) }.collectMany { scope -> + scopeClaimsMap.get(scope).collect { claim -> + new Claim(claim) + } + } +} + +// Creates a full list of claims to resolve from requested scopes, claims provided by AS and requested claims +def claimsToResolve = convertScopeToClaims() + claimObjects + requestedTypedClaims + +// Computes the claim return key and values for all requested claims +computedClaims = claimsToResolve.collectEntries() { claim -> + result = computeClaim(claim) +} + +// Computes composite scopes +def compositeScopes = scopeClaimsMap.findAll { scope -> + scopes.contains(scope.key) +} + +return new UserInfoClaims((Map)computedClaims, (Map)compositeScopes) +" +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.json 1`] = ` +{ + "meta": Any, + "script": { + "1817cc25-fc84-4053-8f91-4ef130616e25": { + "_id": "1817cc25-fc84-4053-8f91-4ef130616e25", + "context": "OIDC_CLAIMS", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Legacy", + "script": "file://Legacy.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); +} + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.json 1`] = ` +{ + "meta": Any, + "script": { + "31bd2ae6-c929-4547-b636-84b874715d60": { + "_id": "31bd2ae6-c929-4547-b636-84b874715d60", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, + { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, + "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "NextGeneration", + "script": "file://NextGeneration.script.js", + }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformResetPassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); +} + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.json 1`] = ` { "meta": Any, - "trees": { - "PlatformResetPassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "44f683a8-4163-3352-bafe-57c2e008bc8c": { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, + "script": { + "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede": { + "_id": "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Test script description", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", }, - "66f041e1-6a60-328b-85a7-e228a89c3799": { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, + { + "arity": 2, + "id": "logWarning", + "type": "Function", }, - }, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Change password", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", + { + "arity": 2, + "id": "logInfo", + "type": "Function", }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "_id": "072b030b-a126-32f4-b237-4f342be9ed44", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", - }, - "identifier": "userName", - "identityAttribute": "mail", + { + "arity": 2, + "id": "logDebug", + "type": "Function", }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Test Script", + "script": "file://Test-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); +} + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.json 1`] = ` +{ + "meta": Any, + "script": { + "9a7836ff-b597-4799-8a6f-306fdf40f238": { + "_id": "9a7836ff-b597-4799-8a6f-306fdf40f238", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "This is a test script", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", - }, - "emailTemplateName": "resetPassword", - "identityAttribute": "mail", - "objectLookup": true, + { + "arity": 2, + "id": "logWarning", + "type": "Function", }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "mail", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, + { + "arity": 2, + "id": "logInfo", + "type": "Function", }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformResetPassword", - "description": "Reset Password Tree", - "enabled": true, - "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "connections": { - "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "connections": { - "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "connections": { - "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "connections": { - "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, - }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", }, - "uiConfig": {}, + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "test script 2", + "script": "file://test-script-2.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-keystore.secretstore.json 1`] = ` +{ + "meta": Any, + "secretstore": { + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", }, + "file": "/home/prestonhales/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/PlatformUpdatePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-passwords-store.secretstore.json 1`] = ` { "meta": Any, - "trees": { - "PlatformUpdatePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "735b90b4-5681-35ed-ac3f-678819b6e058": { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, - "7cbbc409-ec99-3f19-878c-75bd1e06f215": { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, + "secretstore": { + "default-passwords-store": { + "_id": "default-passwords-store", + "_type": { + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", }, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "AttributePresentDecisionNode", - "collection": true, - "name": "Attribute Present Decision", - }, - "identityAttribute": "userName", - "presentAttribute": "password", - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", - }, - "emailTemplateName": "updatePassword", - "identityAttribute": "userName", - "objectLookup": true, - }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter current password", - }, - "pageHeader": { - "en": "Verify Existing Password", - }, - "stage": "null", - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [ - "userName", - ], - "patchAsObject": true, - }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter new password", - }, - "pageHeader": { - "en": "Update Password", - }, - "stage": "null", - }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SessionDataNode", - "collection": true, - "name": "Get Session Data", - }, - "sessionDataKey": "UserToken", - "sharedStateKey": "userName", - }, + "directory": "/home/prestonhales/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/IdentityAssertionService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "IdentityAssertionService": { + "_id": "", + "_type": { + "_id": "IdentityAssertionService", + "collection": false, + "name": "Identity Assertion Service", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformUpdatePassword", - "description": "Update password using active session", - "enabled": true, - "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "connections": { - "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", - }, - "displayName": "Attribute Present Decision", - "nodeType": "AttributePresentDecisionNode", - "x": 0, - "y": 0, - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "connections": { - "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "connections": { - "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, - }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "connections": { - "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "connections": { - "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - }, - "displayName": "Get Session Data", - "nodeType": "SessionDataNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "cacheDuration": 120, + "enable": true, + "location": "/", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/RemoteConsentService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "RemoteConsentService": { + "_id": "", + "_type": { + "_id": "RemoteConsentService", + "collection": false, + "name": "Remote Consent Service", }, + "consentResponseTimeLimit": 2, + "jwkStoreCacheMissCacheTime": 1, + "jwkStoreCacheTimeout": 5, + "location": "/", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/RetryLimit.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/SocialIdentityProviders.service.json 1`] = ` { "meta": Any, - "trees": { - "RetryLimit": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", - }, - }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", - "_outcomes": [ - { - "displayName": "Retry", - "id": "Retry", - }, - { - "displayName": "Reject", - "id": "Reject", - }, - ], - "_type": { - "_id": "RetryLimitDecisionNode", - "collection": true, - "name": "Retry Limit Decision", - }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, - }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", - }, - }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AccountLockoutNode", - "collection": true, - "name": "Account Lockout", - }, - "lockAction": "LOCK", - }, + "service": { + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "RetryLimit", - "description": "null", - "enabled": true, - "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "connections": { - "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "connections": { - "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", - "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, - }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "connections": { - "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, - }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "connections": { - "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "connections": { - "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", - }, - "displayName": "Account Lockout", - "nodeType": "AccountLockoutNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "enabled": true, + "location": "/", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/amSessionPropertyWhitelist.service.json 1`] = ` +{ + "meta": Any, + "service": { + "amSessionPropertyWhitelist": { + "_id": "", + "_type": { + "_id": "amSessionPropertyWhitelist", + "collection": false, + "name": "Session Property Whitelist Service", }, + "location": "/", + "nextDescendents": [], + "sessionPropertyWhitelist": [ + "AMCtxId", + ], + "whitelistedQueryProperties": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/oath_registration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/audit.service.json 1`] = ` { "meta": Any, - "trees": { - "oath_registration": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c": { - "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f": { - "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, + "service": { + "audit": { + "_id": "", + "_type": { + "_id": "audit", + "collection": false, + "name": "Audit Logging", }, - "nodes": { - "35ca2418-908d-4b92-9320-ef8576851abb": { - "_id": "35ca2418-908d-4b92-9320-ef8576851abb", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { - "_id": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", - "_outcomes": [ - { - "displayName": "Success", - "id": "successOutcome", - }, - { - "displayName": "Failure", - "id": "failureOutcome", - }, - ], - "_type": { - "_id": "OathRegistrationNode", - "collection": true, - "name": "OATH Registration", - }, - "accountName": "USERNAME", - "addChecksum": false, - "algorithm": "TOTP", - "bgColor": "032b75", - "generateRecoveryCodes": true, - "issuer": "ForgeRock", - "minSharedSecretLength": 32, - "passwordLength": "SIX_DIGITS", - "postponeDeviceProfileStorage": false, - "scanQRCodeMessage": {}, - "totpHashAlgorithm": "HMAC_SHA1", - "totpTimeInterval": 30, - "truncationOffset": -1, - }, - "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { - "_id": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", - "_outcomes": [ - { - "displayName": "Success", - "id": "successOutcome", - }, - { - "displayName": "Failure", - "id": "failureOutcome", - }, - { - "displayName": "Not registered", - "id": "notRegisteredOutcome", - }, - ], - "_type": { - "_id": "OathTokenVerifierNode", - "collection": true, - "name": "OATH Token Verifier", - }, - "algorithm": "TOTP", - "hotpWindowSize": 100, - "isRecoveryCodeAllowed": false, - "maximumAllowedClockDrift": 5, - "totpHashAlgorithm": "HMAC_SHA1", - "totpTimeInterval": 30, - "totpTimeSteps": 2, - }, - "fc5481db-cbee-479f-915a-2b40c54ce04e": { - "_id": "fc5481db-cbee-479f-915a-2b40c54ce04e", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": {}, - "pageHeader": {}, - }, + "auditEnabled": true, + "blacklistFieldFilters": [], + "location": "/", + "nextDescendents": [], + "whitelistFieldFilters": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorOathService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "authenticatorOathService": { + "_id": "", + "_type": { + "_id": "authenticatorOathService", + "collection": false, + "name": "ForgeRock Authenticator (OATH) Service", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "oath_registration", - "enabled": true, - "entryNodeId": "fc5481db-cbee-479f-915a-2b40c54ce04e", - "innerTreeOnly": false, - "nodes": { - "35ca2418-908d-4b92-9320-ef8576851abb": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 416, - "y": 161, - }, - "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { - "connections": { - "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", - "successOutcome": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", - }, - "displayName": "OATH Registration", - "nodeType": "OathRegistrationNode", - "x": 717, - "y": 290, - }, - "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { - "connections": { - "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", - "notRegisteredOutcome": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", - "successOutcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "OATH Token Verifier", - "nodeType": "OathTokenVerifierNode", - "x": 689, - "y": 102, - }, - "fc5481db-cbee-479f-915a-2b40c54ce04e": { - "connections": { - "outcome": "35ca2418-908d-4b92-9320-ef8576851abb", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 202, - "y": 139, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1103, - "y": 47, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1100, - "y": 240, - }, - "startNode": { - "x": 50, - "y": 25, - }, - }, - "uiConfig": {}, + "authenticatorOATHDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", + "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", + "authenticatorOATHSkippableName": "oath2faEnabled", + "location": "/", + "nextDescendents": [], + "oathAttrName": "oathDeviceProfiles", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorPushService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "authenticatorPushService": { + "_id": "", + "_type": { + "_id": "authenticatorPushService", + "collection": false, + "name": "ForgeRock Authenticator (Push) Service", }, + "authenticatorPushDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", + "authenticatorPushSkippableName": "push2faEnabled", + "location": "/", + "nextDescendents": [], + "pushAttrName": "pushDeviceProfiles", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/push_registration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorWebAuthnService.service.json 1`] = ` { "meta": Any, - "trees": { - "push_registration": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9": { - "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "7ab18633-6eb0-455d-97ff-40ff7db4862a": { - "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, + "service": { + "authenticatorWebAuthnService": { + "_id": "", + "_type": { + "_id": "authenticatorWebAuthnService", + "collection": false, + "name": "WebAuthn Profile Encryption Service", }, - "nodes": { - "07bc635b-5a3f-461b-87ee-e76c9fa22738": { - "_id": "07bc635b-5a3f-461b-87ee-e76c9fa22738", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": {}, - "pageHeader": {}, - }, - "0e161d10-c2d1-4196-8b41-59f80be4a587": { - "_id": "0e161d10-c2d1-4196-8b41-59f80be4a587", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { - "_id": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", - "_outcomes": [ - { - "displayName": "Sent", - "id": "SENT", - }, - { - "displayName": "Not Registered", - "id": "NOT_REGISTERED", - }, - { - "displayName": "Skipped", - "id": "SKIPPED", - }, - ], - "_type": { - "_id": "PushAuthenticationSenderNode", - "collection": true, - "name": "Push Sender", - }, - "captureFailure": false, - "contextInfo": false, - "customPayload": [], - "mandatory": false, - "messageTimeout": 120000, - "pushType": "DEFAULT", - "userMessage": {}, - }, - "527e6b31-01db-409c-8f52-01a5b7f48737": { - "_id": "527e6b31-01db-409c-8f52-01a5b7f48737", - "_outcomes": [ - { - "displayName": "Success", - "id": "TRUE", - }, - { - "displayName": "Failure", - "id": "FALSE", - }, - { - "displayName": "Expired", - "id": "EXPIRED", - }, - { - "displayName": "Waiting", - "id": "WAITING", - }, - ], - "_type": { - "_id": "PushResultVerifierNode", - "collection": true, - "name": "Push Result Verifier Node", - }, - }, - "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { - "_id": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", - "_outcomes": [ - { - "displayName": "Success", - "id": "successOutcome", - }, - { - "displayName": "Failure", - "id": "failureOutcome", - }, - { - "displayName": "Time Out", - "id": "timeoutOutcome", - }, - ], - "_type": { - "_id": "PushRegistrationNode", - "collection": true, - "name": "Push Registration", - }, - "accountName": "USERNAME", - "bgColor": "032b75", - "generateRecoveryCodes": true, - "issuer": "ForgeRock", - "scanQRCodeMessage": {}, - "timeout": 60, - }, - "ccb48486-0d8e-475d-a002-29d0bfa1177a": { - "_id": "ccb48486-0d8e-475d-a002-29d0bfa1177a", - "_outcomes": [ - { - "displayName": "Done", - "id": "DONE", - }, - { - "displayName": "Exit", - "id": "EXITED", - }, - ], - "_type": { - "_id": "PushWaitNode", - "collection": true, - "name": "Push Wait Node", - }, - "challengeMessage": {}, - "exitMessage": {}, - "secondsToWait": 5, - "waitingMessage": {}, - }, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jceks", + "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", + "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], + "webauthnAttrName": "webauthnDeviceProfiles", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/baseurl.service.json 1`] = ` +{ + "meta": Any, + "service": { + "baseurl": { + "_id": "", + "_type": { + "_id": "baseurl", + "collection": false, + "name": "Base URL Source", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "push_registration", - "enabled": true, - "entryNodeId": "07bc635b-5a3f-461b-87ee-e76c9fa22738", - "innerTreeOnly": false, - "nodes": { - "07bc635b-5a3f-461b-87ee-e76c9fa22738": { - "connections": {}, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 180, - "y": 133, - }, - "0e161d10-c2d1-4196-8b41-59f80be4a587": { - "connections": { - "true": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 406, - "y": 126, - }, - "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { - "connections": { - "NOT_REGISTERED": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", - "SENT": "ccb48486-0d8e-475d-a002-29d0bfa1177a", - "SKIPPED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Push Sender", - "nodeType": "PushAuthenticationSenderNode", - "x": 647, - "y": 79, - }, - "527e6b31-01db-409c-8f52-01a5b7f48737": { - "connections": { - "EXPIRED": "e301438c-0bd0-429c-ab0c-66126501069a", - "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", - "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "WAITING": "e301438c-0bd0-429c-ab0c-66126501069a", - }, - "displayName": "Push Result Verifier Node", - "nodeType": "PushResultVerifierNode", - "x": 1016, - "y": 122, - }, - "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { - "connections": { - "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", - "successOutcome": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", - "timeoutOutcome": "07bc635b-5a3f-461b-87ee-e76c9fa22738", - }, - "displayName": "Push Registration", - "nodeType": "PushRegistrationNode", - "x": 639, - "y": 299, - }, - "ccb48486-0d8e-475d-a002-29d0bfa1177a": { - "connections": { - "DONE": "527e6b31-01db-409c-8f52-01a5b7f48737", - "EXITED": "07bc635b-5a3f-461b-87ee-e76c9fa22738", - }, - "displayName": "Push Wait Node", - "nodeType": "PushWaitNode", - "x": 823, - "y": 126, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1245, - "y": 35, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1292, - "y": 172, - }, - "startNode": { - "x": 57, - "y": 22, - }, - }, - "uiConfig": {}, + "contextPath": "/am", + "location": "/", + "nextDescendents": [], + "source": "REQUEST_VALUES", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/dashboard.service.json 1`] = ` +{ + "meta": Any, + "service": { + "dashboard": { + "_id": "", + "_type": { + "_id": "dashboard", + "collection": false, + "name": "Dashboard", }, + "assignedDashboard": [], + "location": "/", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/six.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceBindingService.service.json 1`] = ` { "meta": Any, - "trees": { - "six": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "295a70ba-2b67-4a48-bf13-237ce0a55450": { - "_id": "295a70ba-2b67-4a48-bf13-237ce0a55450", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "4a77788d-d443-4646-ac52-5cb9f2207a8a": { - "_id": "4a77788d-d443-4646-ac52-5cb9f2207a8a", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "5883ff1e-80dd-49f5-a609-120303e1b0cd": { - "_id": "5883ff1e-80dd-49f5-a609-120303e1b0cd", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "59129227-f192-4ff4-a7b4-bc7690b82d4f": { - "_id": "59129227-f192-4ff4-a7b4-bc7690b82d4f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { - "_id": "6a1aa88f-25f8-4d40-8008-bfc6684b2a58", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { - "_id": "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, + "service": { + "deviceBindingService": { + "_id": "", + "_type": { + "_id": "deviceBindingService", + "collection": false, + "name": "Device Binding Service", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "six", - "enabled": true, - "entryNodeId": "e301438c-0bd0-429c-ab0c-66126501069a", - "innerTreeOnly": false, - "nodes": { - "295a70ba-2b67-4a48-bf13-237ce0a55450": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 488, - "y": 57.890625, - }, - "4a77788d-d443-4646-ac52-5cb9f2207a8a": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 494, - "y": 458.890625, - }, - "5883ff1e-80dd-49f5-a609-120303e1b0cd": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 446, - "y": 298.890625, - }, - "59129227-f192-4ff4-a7b4-bc7690b82d4f": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 482, - "y": 220.890625, - }, - "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 461, - "y": 369.890625, - }, - "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { - "connections": {}, - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - "x": 499, - "y": 139.890625, - }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 50, - "y": 117, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 152, - "y": 25, - }, - "startNode": { - "x": 50, - "y": 25, - }, - }, - "uiConfig": {}, + "deviceBindingAttrName": "boundDevices", + "deviceBindingSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceBindingSettingsEncryptionKeystorePassword": null, + "deviceBindingSettingsEncryptionKeystoreType": "JKS", + "deviceBindingSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceIdService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "deviceIdService": { + "_id": "", + "_type": { + "_id": "deviceIdService", + "collection": false, + "name": "Device ID Service", }, + "deviceIdAttrName": "devicePrintProfiles", + "deviceIdSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceIdSettingsEncryptionKeystorePassword": null, + "deviceIdSettingsEncryptionKeystoreType": "JKS", + "deviceIdSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/test.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceProfilesService.service.json 1`] = ` { "meta": Any, - "trees": { - "test": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": {}, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "test", - "enabled": true, - "entryNodeId": "d26176be-ea6f-4f2a-81cd-3d41dd6cee4d", - "innerTreeOnly": false, - "nodes": {}, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 50, - "y": 117, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 152, - "y": 25, - }, - "startNode": { - "x": 50, - "y": 25, - }, - }, - "uiConfig": {}, + "service": { + "deviceProfilesService": { + "_id": "", + "_type": { + "_id": "deviceProfilesService", + "collection": false, + "name": "Device Profiles Service", }, + "deviceProfilesAttrName": "deviceProfiles", + "deviceProfilesSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", + "deviceProfilesSettingsEncryptionKeystorePassword": null, + "deviceProfilesSettingsEncryptionKeystoreType": "JKS", + "deviceProfilesSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/journey/webauthn_registration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/email.service.json 1`] = ` { "meta": Any, - "trees": { - "webauthn_registration": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "08faa9c0-7c19-454a-a4e1-0692d94615f6": { - "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - "3334a349-b2ea-42e0-86b8-9f6c39d43dad": { - "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, + "service": { + "email": { + "_id": "", + "_type": { + "_id": "email", + "collection": false, + "name": "Email Service", }, - "nodes": { - "72ef6e1d-930c-4bed-922a-850815d98ea1": { - "_id": "72ef6e1d-930c-4bed-922a-850815d98ea1", - "_outcomes": [ - { - "displayName": "Unsupported", - "id": "unsupported", - }, - { - "displayName": "Success", - "id": "success", - }, - { - "displayName": "Failure", - "id": "failure", - }, - { - "displayName": "Client Error", - "id": "error", - }, - ], - "_type": { - "_id": "WebAuthnRegistrationNode", - "collection": true, - "name": "WebAuthn Registration Node", - }, - "acceptedSigningAlgorithms": [ - "ES256", - "RS256", - ], - "asScript": true, - "attestationPreference": "NONE", - "authenticatorAttachment": "UNSPECIFIED", - "enforceRevocationCheck": false, - "excludeCredentials": false, - "generateRecoveryCodes": true, - "maxSavedDevices": 0, - "origins": [], - "postponeDeviceProfileStorage": false, - "relyingPartyName": "ForgeRock", - "requiresResidentKey": false, - "storeAttestationDataInTransientState": false, - "timeout": 60, - "trustStoreAlias": "trustalias", - "userVerificationRequirement": "PREFERRED", - }, - "807106ff-fb66-469e-93bb-4e0834f6c875": { - "_id": "807106ff-fb66-469e-93bb-4e0834f6c875", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": {}, - "pageHeader": {}, - }, - "878eb28e-41b2-4bd7-9256-80ed427bd168": { - "_id": "878eb28e-41b2-4bd7-9256-80ed427bd168", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], + "emailAddressAttribute": "mail", + "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", + "emailRateLimitSeconds": 1, + "location": "/", + "nextDescendents": [], + "port": 465, + "sslState": "SSL", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/id-repositories.service.json 1`] = ` +{ + "meta": Any, + "service": { + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "location": "/", + "nextDescendents": [ + { + "_id": "embedded", "_type": { - "_id": "DataStoreDecisionNode", + "_id": "LDAPv3ForOpenDS", "collection": true, - "name": "Data Store Decision", + "name": "OpenDJ", }, - }, - "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { - "_id": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", - "_outcomes": [ - { - "displayName": "Unsupported", - "id": "unsupported", - }, - { - "displayName": "No Device Registered", - "id": "noDevice", - }, - { - "displayName": "Success", - "id": "success", - }, - { - "displayName": "Failure", - "id": "failure", - }, - { - "displayName": "Client Error", - "id": "error", - }, - ], - "_type": { - "_id": "WebAuthnAuthenticationNode", - "collection": true, - "name": "WebAuthn Authentication Node", + "authentication": { + "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", }, - "asScript": true, - "isRecoveryCodeAllowed": false, - "origins": [], - "requiresResidentKey": false, - "timeout": 60, - "userVerificationRequirement": "PREFERRED", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "webauthn_registration", - "enabled": true, - "entryNodeId": "807106ff-fb66-469e-93bb-4e0834f6c875", - "innerTreeOnly": false, - "nodes": { - "72ef6e1d-930c-4bed-922a-850815d98ea1": { - "connections": { - "error": "e301438c-0bd0-429c-ab0c-66126501069a", - "failure": "e301438c-0bd0-429c-ab0c-66126501069a", - "success": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", - "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", - }, - "displayName": "WebAuthn Registration Node", - "nodeType": "WebAuthnRegistrationNode", - "x": 629, - "y": 266, + "cachecontrol": { + "sun-idrepo-ldapv3-dncache-enabled": true, + "sun-idrepo-ldapv3-dncache-size": 1500, }, - "807106ff-fb66-469e-93bb-4e0834f6c875": { - "connections": { - "outcome": "878eb28e-41b2-4bd7-9256-80ed427bd168", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 192, - "y": 156, + "errorhandling": { + "com.iplanet.am.ldap.connection.delay.between.retries": 1000, }, - "878eb28e-41b2-4bd7-9256-80ed427bd168": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 396, - "y": 157, + "groupconfig": { + "sun-idrepo-ldapv3-config-group-attributes": [ + "dn", + "cn", + "uniqueMember", + "objectclass", + ], + "sun-idrepo-ldapv3-config-group-container-name": "ou", + "sun-idrepo-ldapv3-config-group-container-value": "groups", + "sun-idrepo-ldapv3-config-group-objectclass": [ + "top", + "groupofuniquenames", + ], + "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", + "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", + "sun-idrepo-ldapv3-config-memberurl": "memberUrl", + "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", }, - "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { - "connections": { - "error": "e301438c-0bd0-429c-ab0c-66126501069a", - "failure": "e301438c-0bd0-429c-ab0c-66126501069a", - "noDevice": "72ef6e1d-930c-4bed-922a-850815d98ea1", - "success": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", - }, - "displayName": "WebAuthn Authentication Node", - "nodeType": "WebAuthnAuthenticationNode", - "x": 608, - "y": 24, + "ldapsettings": { + "openam-idrepo-ldapv3-affinity-level": "all", + "openam-idrepo-ldapv3-behera-support-enabled": true, + "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, + "openam-idrepo-ldapv3-heartbeat-interval": 10, + "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", + "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", + "openam-idrepo-ldapv3-mtls-enabled": false, + "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, + "openam-idrepo-ldapv3-proxied-auth-enabled": false, + "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", + "sun-idrepo-ldapv3-config-authpw": null, + "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", + "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, + "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, + "sun-idrepo-ldapv3-config-ldap-server": [ + "localhost:50636", + "localhost:50636|01", + ], + "sun-idrepo-ldapv3-config-max-result": 1000, + "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", + "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-time-limit": 10, + "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, }, - }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 1200, - "y": 34, + "persistentsearch": { + "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", + "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 1206, - "y": 135, + "pluginconfig": { + "sunIdRepoAttributeMapping": [], + "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", + "sunIdRepoSupportedOperations": [ + "realm=read,create,edit,delete,service", + "user=read,create,edit,delete,service", + "group=read,create,edit,delete", + ], }, - "startNode": { - "x": 76, - "y": 98, + "userconfig": { + "sun-idrepo-ldapv3-config-active": "Active", + "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ + "kbaInfoAttempts", + ], + "sun-idrepo-ldapv3-config-auth-kba-attr": [ + "kbaInfo", + ], + "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", + "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ + "cn", + "sn", + ], + "sun-idrepo-ldapv3-config-inactive": "Inactive", + "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", + "sun-idrepo-ldapv3-config-people-container-name": "ou", + "sun-idrepo-ldapv3-config-people-container-value": "people", + "sun-idrepo-ldapv3-config-user-attributes": [ + "iplanet-am-auth-configuration", + "iplanet-am-user-alias-list", + "iplanet-am-user-password-reset-question-answer", + "mail", + "assignedDashboard", + "authorityRevocationList", + "dn", + "iplanet-am-user-password-reset-options", + "employeeNumber", + "createTimestamp", + "kbaActiveIndex", + "caCertificate", + "iplanet-am-session-quota-limit", + "iplanet-am-user-auth-config", + "sun-fm-saml2-nameid-infokey", + "sunIdentityMSISDNNumber", + "iplanet-am-user-password-reset-force-reset", + "sunAMAuthInvalidAttemptsData", + "devicePrintProfiles", + "givenName", + "iplanet-am-session-get-valid-sessions", + "objectClass", + "adminRole", + "inetUserHttpURL", + "lastEmailSent", + "iplanet-am-user-account-life", + "postalAddress", + "userCertificate", + "preferredtimezone", + "iplanet-am-user-admin-start-dn", + "boundDevices", + "oath2faEnabled", + "preferredlanguage", + "sun-fm-saml2-nameid-info", + "userPassword", + "iplanet-am-session-service-status", + "telephoneNumber", + "iplanet-am-session-max-idle-time", + "distinguishedName", + "iplanet-am-session-destroy-sessions", + "kbaInfoAttempts", + "modifyTimestamp", + "uid", + "iplanet-am-user-success-url", + "iplanet-am-user-auth-modules", + "kbaInfo", + "memberOf", + "sn", + "preferredLocale", + "manager", + "iplanet-am-session-max-session-time", + "deviceProfiles", + "cn", + "oathDeviceProfiles", + "webauthnDeviceProfiles", + "iplanet-am-user-login-status", + "pushDeviceProfiles", + "push2faEnabled", + "inetUserStatus", + "retryLimitNodeCount", + "iplanet-am-user-failure-url", + "iplanet-am-session-max-caching-time", + "thingType", + "thingKeys", + "thingOAuth2ClientName", + "thingConfig", + "thingProperties", + ], + "sun-idrepo-ldapv3-config-user-objectclass": [ + "iplanet-am-managed-person", + "inetuser", + "sunFMSAML2NameIdentifier", + "inetorgperson", + "devicePrintProfilesContainer", + "boundDevicesContainer", + "iplanet-am-user-service", + "iPlanetPreferences", + "pushDeviceProfilesContainer", + "forgerock-am-dashboard-service", + "organizationalperson", + "top", + "kbaInfoContainer", + "person", + "sunAMAuthAccountLockout", + "oathDeviceProfilesContainer", + "webauthnDeviceProfilesContainer", + "iplanet-am-auth-configuration-service", + "deviceProfilesContainer", + "fr-iot", + ], + "sun-idrepo-ldapv3-config-users-search-attribute": "uid", + "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", }, }, - "uiConfig": {}, - }, + ], + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/oauth2.app/test-client.oauth2.app.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/iot.service.json 1`] = ` { - "application": { - "test client": { - "_id": "test client", - "_provider": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": false, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:token-exchange", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "changeme", - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "[Empty]", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - ], - "supportedScopes": [], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": false, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": false, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", - }, + "meta": Any, + "service": { + "iot": { + "_id": "", + "_type": { + "_id": "iot", + "collection": false, + "name": "IoT Service", }, + "attributeAllowlist": [ + "thingConfig", + ], + "createOAuthClient": false, + "createOAuthJwtIssuer": false, + "location": "/", + "nextDescendents": [], + "oauthClientName": "forgerock-iot-oauth2-client", + "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/oauth-oidc.service.json 1`] = ` +{ + "meta": Any, + "service": { + "oauth-oidc": { + "_id": "", "_type": { - "_id": "OAuth2Client", - "collection": true, - "name": "OAuth2 Clients", + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", }, - "advancedOAuth2ClientConfig": { - "clientUri": [], - "contacts": [], - "customProperties": [], - "descriptions": [], + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", ], - "isConsentImplied": false, - "javascriptOrigins": [], - "logoUri": [], - "mixUpMitigation": false, - "name": [], - "policyUri": [], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], "refreshTokenGracePeriod": 0, - "requestUris": [], - "require_pushed_authorization_requests": false, - "responseTypes": [ - "code", - "token", - "id_token", - "code token", - "token id_token", - "code id_token", - "code token id_token", - "device_code", - "device_code id_token", + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", ], - "sectorIdentifierUri": null, - "softwareIdentity": null, - "softwareVersion": null, - "subjectType": "public", - "tokenEndpointAuthMethod": "client_secret_basic", - "tokenExchangeAuthLevel": 0, - "tosURI": [], - "updateAccessToken": null, }, - "coreOAuth2ClientConfig": { - "accessTokenLifetime": 0, - "agentgroup": null, - "authorizationCodeLifetime": 0, - "clientName": [], - "clientType": "Confidential", - "defaultScopes": [], - "loopbackInterfaceRedirection": false, - "redirectionUris": [], - "refreshTokenLifetime": 0, - "scopes": [], - "secretLabelIdentifier": null, - "status": "Active", + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, }, - "coreOpenIDClientConfig": { - "backchannel_logout_session_required": false, - "backchannel_logout_uri": null, - "claims": [], - "clientSessionUri": null, - "defaultAcrValues": [], - "defaultMaxAge": 600, - "defaultMaxAgeEnabled": false, - "jwtTokenLifetime": 0, - "postLogoutRedirectUri": [], + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], }, - "coreUmaClientConfig": { - "claimsRedirectionUris": [], + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], }, - "overrideOAuth2ClientConfig": { - "accessTokenMayActScript": "[Empty]", - "accessTokenModificationPluginType": "PROVIDER", - "accessTokenModificationScript": "[Empty]", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "PROVIDER", - "authorizeEndpointDataProviderScript": "[Empty]", + "consent": { "clientsCanSkipConsent": false, "enableRemoteConsent": false, - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "PROVIDER", - "evaluateScopeScript": "[Empty]", + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, "issueRefreshToken": true, "issueRefreshTokenOnRefreshedToken": true, - "oidcClaimsPluginType": "PROVIDER", - "oidcClaimsScript": "[Empty]", + "macaroonTokensEnabled": false, "oidcMayActScript": "[Empty]", - "overrideableOIDCClaims": [], - "providerOverridesEnabled": false, - "remoteConsentServiceId": null, + "refreshTokenLifetime": 604800, "scopesPolicySet": "oauth2Scopes", "statelessTokensEnabled": false, - "tokenEncryptionEnabled": false, - "useForceAuthnForMaxAge": false, "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "location": "/", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "PROVIDER", - "validateScopeScript": "[Empty]", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", }, - "signEncOAuth2ClientConfig": { - "authorizationResponseEncryptionAlgorithm": null, - "authorizationResponseEncryptionMethod": null, - "authorizationResponseSigningAlgorithm": "RS256", - "clientJwtPublicKey": null, - "idTokenEncryptionAlgorithm": "RSA-OAEP-256", - "idTokenEncryptionEnabled": false, - "idTokenEncryptionMethod": "A128CBC-HS256", - "idTokenPublicEncryptionKey": null, - "idTokenSignedResponseAlg": "RS256", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "mTLSCertificateBoundAccessTokens": false, - "mTLSSubjectDN": null, - "mTLSTrustedCert": null, - "publicKeyLocation": "jwks_uri", - "requestParameterEncryptedAlg": null, - "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", - "requestParameterSignedAlg": null, - "tokenEndpointAuthSigningAlgorithm": "RS256", - "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", - "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "tokenIntrospectionResponseFormat": "JSON", - "tokenIntrospectionSignedResponseAlg": "RS256", - "userinfoEncryptedResponseAlg": null, - "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", - "userinfoResponseFormat": "JSON", - "userinfoSignedResponseAlg": null, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pingOneWorkerService.service.json 1`] = ` +{ + "meta": Any, + "service": { + "pingOneWorkerService": { + "_id": "", + "_type": { + "_id": "pingOneWorkerService", + "collection": false, + "name": "PingOne Worker Service", }, + "enabled": true, + "location": "/", + "nextDescendents": [], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policy/Test-Policy.policy.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/policyconfiguration.service.json 1`] = ` { "meta": Any, - "policy": { - "Test Policy": { - "_id": "Test Policy", - "actionValues": {}, - "active": true, - "applicationName": "iPlanetAMWebAgentService", - "createdBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": "2024-06-27T17:07:04.220Z", - "description": "", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": "2024-10-09T21:36:26.771Z", - "name": "Test Policy", - "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - "resources": [ - "*://*:*/*?*", - ], - "subject": { - "subjects": [ - { - "type": "NONE", - }, - { - "subjectValues": [ - "id=phales,ou=user,dc=openam,dc=forgerock,dc=org", - ], - "type": "Identity", - }, - ], - "type": "AND", + "service": { + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", }, + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "location": "/", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/iPlanetAMWebAgentService.policyset.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pushNotification.service.json 1`] = ` { "meta": Any, - "policyset": { - "iPlanetAMWebAgentService": { - "applicationType": "iPlanetAMWebAgentService", - "attributeNames": [], - "conditions": [ - "AND", - "OR", - "NOT", - "AMIdentityMembership", - "AuthLevel", - "LEAuthLevel", - "AuthScheme", - "AuthenticateToRealm", - "AuthenticateToService", - "IPv4", - "IPv6", - "LDAPFilter", - "OAuth2Scope", - "ResourceEnvIP", - "Session", - "SessionProperty", - "SimpleTime", - "Script", - "Transaction", - ], - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1718897366825, - "description": "The built-in Application used by OpenAM Policy Agents.", - "displayName": "Default Policy Set", - "editable": true, - "entitlementCombiner": "DenyOverride", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786744, - "name": "iPlanetAMWebAgentService", - "resourceComparator": null, - "resourceTypeUuids": [ - "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - ], - "saveIndex": null, - "searchIndex": null, - "subjects": [ - "AND", - "OR", - "NOT", - "AuthenticatedUsers", - "Identity", - "JwtClaim", - "NONE", - ], + "service": { + "pushNotification": { + "_id": "", + "_type": { + "_id": "pushNotification", + "collection": false, + "name": "Push Notification Service", + }, + "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", + "location": "/", + "mdCacheSize": 10000, + "mdConcurrency": 16, + "mdDuration": 120, + "nextDescendents": [], + "region": "us-east-1", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/policyset/oauth2Scopes.policyset.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/security.service.json 1`] = ` { "meta": Any, - "policyset": { - "oauth2Scopes": { - "applicationType": "iPlanetAMWebAgentService", - "attributeNames": [], - "conditions": [ - "AND", - "OR", - "NOT", - "AMIdentityMembership", - "AuthLevel", - "LEAuthLevel", - "AuthScheme", - "AuthenticateToRealm", - "AuthenticateToService", - "IPv4", - "IPv6", - "LDAPFilter", - "OAuth2Scope", - "ResourceEnvIP", - "Session", - "SessionProperty", - "SimpleTime", - "Script", - "Transaction", - ], - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1718897366918, - "description": "The built-in Application used by the OAuth2 scope authorization process.", - "displayName": "Default OAuth2 Scopes Policy Set", - "editable": true, - "entitlementCombiner": "DenyOverride", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786761, - "name": "oauth2Scopes", - "resourceComparator": null, - "resourceTypeUuids": [ - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - ], - "saveIndex": null, - "searchIndex": null, - "subjects": [ - "AND", - "OR", - "NOT", - "AuthenticatedUsers", - "Identity", - "JwtClaim", - "NONE", - ], + "service": { + "security": { + "_id": "", + "_type": { + "_id": "security", + "collection": false, + "name": "Legacy User Self Service", + }, + "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", + "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "forgotPasswordEnabled": false, + "forgotPasswordTokenLifetime": 900, + "location": "/", + "nextDescendents": [], + "protectedUserAttributes": [], + "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "selfRegistrationEnabled": false, + "selfRegistrationTokenLifetime": 900, + "selfServiceEnabled": false, + "userRegisteredDestination": "default", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfService.service.json 1`] = ` { "meta": Any, - "resourcetype": { - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { - "actions": { - "GRANT": true, + "service": { + "selfService": { + "_id": "", + "_type": { + "_id": "selfService", + "collection": false, + "name": "User Self-Service", + }, + "advancedConfig": { + "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", + "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", + "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", + "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", + "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", + }, + "forgottenPassword": { + "forgottenPasswordCaptchaEnabled": false, + "forgottenPasswordEmailBody": [ + "en|

Click on this link to reset your password.

", + ], + "forgottenPasswordEmailSubject": [ + "en|Forgotten password email", + ], + "forgottenPasswordEmailVerificationEnabled": true, + "forgottenPasswordEnabled": false, + "forgottenPasswordKbaEnabled": false, + "forgottenPasswordTokenPaddingLength": 450, + "forgottenPasswordTokenTTL": 300, + "numberOfAllowedAttempts": 1, + "numberOfAttemptsEnforced": false, + }, + "forgottenUsername": { + "forgottenUsernameCaptchaEnabled": false, + "forgottenUsernameEmailBody": [ + "en|

Your username is %username%.

", + ], + "forgottenUsernameEmailSubject": [ + "en|Forgotten username email", + ], + "forgottenUsernameEmailUsernameEnabled": true, + "forgottenUsernameEnabled": false, + "forgottenUsernameKbaEnabled": false, + "forgottenUsernameShowUsernameEnabled": false, + "forgottenUsernameTokenTTL": 300, + }, + "generalConfig": { + "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", + "kbaQuestions": [ + "4|en|What is your mother's maiden name?", + "3|en|What was the name of your childhood pet?", + "2|en|What was the model of your first car?", + "1|en|What is the name of your favourite restaurant?", + ], + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "validQueryAttributes": [ + "uid", + "mail", + "givenName", + "sn", + ], + }, + "location": "/", + "nextDescendents": [], + "profileManagement": { + "profileAttributeWhitelist": [ + "uid", + "telephoneNumber", + "mail", + "kbaInfo", + "givenName", + "sn", + "cn", + ], + "profileProtectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + }, + "userRegistration": { + "userRegisteredDestination": "default", + "userRegistrationCaptchaEnabled": false, + "userRegistrationEmailBody": [ + "en|

Click on this link to register.

", + ], + "userRegistrationEmailSubject": [ + "en|Registration email", + ], + "userRegistrationEmailVerificationEnabled": true, + "userRegistrationEmailVerificationFirstEnabled": false, + "userRegistrationEnabled": false, + "userRegistrationKbaEnabled": false, + "userRegistrationTokenTTL": 300, + "userRegistrationValidUserAttributes": [ + "userPassword", + "mail", + "givenName", + "kbaInfo", + "inetUserStatus", + "sn", + "username", + ], }, - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1517161800564, - "description": "The built-in OAuth2 Scope Resource Type for OAuth2 policy-provided scope.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786611, - "name": "OAuth2 Scope", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - "*", - ], - "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/resourcetype/URL.resourcetype.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfServiceTrees.service.json 1`] = ` { "meta": Any, - "resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, + "service": { + "selfServiceTrees": { + "_id": "", + "_type": { + "_id": "selfServiceTrees", + "collection": false, + "name": "Self Service Trees", + }, + "enabled": true, + "location": "/", + "nextDescendents": [], + "treeMapping": { + "forgottenUsername": "PlatformForgottenUsername", + "registration": "PlatformRegistration", + "resetPassword": "PlatformResetPassword", + "updatePassword": "PlatformUpdatePassword", }, - "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", - "creationDate": 1422892465848, - "description": "The built-in URL Resource Type available to OpenAM Policies.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509786629, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/saml/Test-Entity.saml.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/socialauthentication.service.json 1`] = ` { "meta": Any, - "saml": { - "cot": {}, - "hosted": { - "VGVzdCBFbnRpdHk": { - "_id": "VGVzdCBFbnRpdHk", - "entityId": "Test Entity", - "identityProvider": { - "advanced": { - "ecpConfiguration": { - "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", - }, - "idpAdapter": { - "idpAdapterScript": "[Empty]", - }, - "idpFinderImplementation": {}, - "relayStateUrlList": {}, - "saeConfiguration": { - "idpUrl": "http://localhost:8080/am/idpsaehandler/metaAlias/test", - }, - "sessionSynchronization": {}, - }, - "assertionContent": { - "assertionCache": {}, - "assertionTime": { - "effectiveTime": 600, - "notBeforeTimeSkew": 600, - }, - "authenticationContext": { - "authContextItems": [ - { - "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", - "level": 0, - }, - ], - "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", - }, - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - ], - "nameIdValueMap": [ - { - "binary": false, - "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "value": "mail", - }, - ], - }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, - }, - }, - "assertionProcessing": { - "accountMapper": { - "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", - }, - "attributeMapper": { - "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", - "attributeMapperScript": "[Empty]", - }, - "localConfiguration": {}, - }, - "services": { - "assertionIdRequest": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/AIDReqSoap/IDPRole/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", - "location": "http://localhost:8080/am/AIDReqUri/IDPRole/metaAlias/test", - }, - ], - "metaAlias": "/test", - "nameIdMapping": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/NIMSoap/metaAlias/test", - }, - ], - "serviceAttributes": { - "artifactResolutionService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/ArtifactResolver/metaAlias/test", - }, - ], - "nameIdService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/IDPMniSoap/metaAlias/test", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", - "responseLocation": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/IDPSloSoap/metaAlias/test", - }, - ], - "singleSignOnService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/SSORedirect/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/SSOPOST/metaAlias/test", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/SSOSoap/metaAlias/test", - }, - ], - }, - }, - }, - "serviceProvider": { - "advanced": { - "ecpConfiguration": { - "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", - }, - "idpProxy": {}, - "relayStateUrlList": {}, - "saeConfiguration": { - "spUrl": "http://localhost:8080/am/spsaehandler/metaAlias/test2", - }, - }, - "assertionContent": { - "assertionTimeSkew": 300, - "authenticationContext": { - "authContextItems": [ - { - "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", - "defaultItem": true, - "level": 0, - }, - ], - "authenticationComparisonType": "Exact", - "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", - "includeRequestedAuthenticationContext": true, - }, - "basicAuthentication": {}, - "nameIdFormat": { - "nameIdFormatList": [ - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - ], - }, - "signingAndEncryption": { - "encryption": {}, - "requestResponseSigning": {}, - "secretIdAndAlgorithms": {}, - }, - }, - "assertionProcessing": { - "accountMapping": { - "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", - }, - "adapter": { - "spAdapterScript": "[Empty]", - }, - "attributeMapper": { - "attributeMap": [ - { - "key": "*", - "value": "*", - }, - ], - "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", - }, - "autoFederation": {}, - "responseArtifactMessageEncoding": { - "encoding": "URI", - }, - "url": {}, - }, - "services": { - "metaAlias": "/test2", - "serviceAttributes": { - "assertionConsumerService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", - "index": 0, - "isDefault": true, - "location": "http://localhost:8080/am/Consumer/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "index": 1, - "isDefault": false, - "location": "http://localhost:8080/am/Consumer/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", - "index": 2, - "isDefault": false, - "location": "http://localhost:8080/am/Consumer/ECP/metaAlias/test2", - }, - ], - "nameIdService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", - }, - ], - "singleLogoutService": [ - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", - "location": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", - "location": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", - "responseLocation": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", - }, - { - "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", - "location": "http://localhost:8080/am/SPSloSoap/metaAlias/test2", - }, - ], - }, - }, - }, + "service": { + "socialauthentication": { + "_id": "", + "_type": { + "_id": "socialauthentication", + "collection": false, + "name": "Social Authentication Implementations", }, + "authenticationChains": {}, + "displayNames": {}, + "enabledKeys": [], + "icons": {}, + "location": "/", + "nextDescendents": [], }, - "metadata": { - "VGVzdCBFbnRpdHk": [ - "", - "", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " PGNlcnRpZmljYXRlPg==", - " ", - " ", - " ", - " ", - " ", - " ", - " 128", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " ", - " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", - " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", - " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", - " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", - " ", - " ", - " ", - " ", - "", - "", - "", - ], - }, - "remote": {}, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.js 1`] = ` -"/* - * Copyright 2014-2020 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ -import com.iplanet.sso.SSOException -import com.sun.identity.idm.IdRepoException -import org.forgerock.oauth2.core.exceptions.InvalidRequestException -import org.forgerock.oauth2.core.UserInfoClaims -import org.forgerock.openidconnect.Claim - -/* -* Defined variables: -* logger - always presents, the "OAuth2Provider" debug logger instance -* claims - always present, default server provided claims - Map -* claimObjects - always present, default server provided claims - List -* session - present if the request contains the session cookie, the user's session object -* identity - always present, the identity of the resource owner -* scopes - always present, the requested scopes -* scriptName - always present, the display name of the script -* requestProperties - always present, contains a map of request properties: -* requestUri - the request URI -* realm - the realm that the request relates to -* requestParams - a map of the request params and/or posted data. Each value is a list of one or -* more properties. Please note that these should be handled in accordance with OWASP best practices. -* clientProperties - present if the client specified in the request was identified, contains a map of client -* properties: -* clientId - the client's Uri for the request locale -* allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) -* for the client -* allowedResponseTypes - list of the allowed response types for the client -* allowedScopes - list of the allowed scopes for the client -* customProperties - A map of the custom properties of the client. -* Lists or maps will be included as sub-maps, e.g: -* testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 -* requestedClaims - Map> -* always present, not empty if the request contains a claims parameter and server has enabled -* claims_parameter_supported, map of requested claims to possible values, otherwise empty, -* requested claims with no requested values will have a key but no value in the map. A key with -* a single value in its Set indicates this is the only value that should be returned. -* requestedTypedClaims - List -* always present, not empty if the request contains a claims parameter and server has enabled -* claims_parameter_supported, list of requested claims with claim name, requested possible values -* and if claim is essential, otherwise empty, -* requested claims with no requested values will have a claim with no values. A claims with -* a single value indicates this is the only value that should be returned. -* claimsLocales - the values from the 'claims_locales' parameter - List -* Required to return a Map of claims to be added to the id_token claims -* -* Expected return value structure: -* UserInfoClaims { -* Map values; // The values of the claims for the user information -* Map> compositeScopes; // Mapping of scope name to a list of claim names. -* } -*/ - -// user session not guaranteed to be present -boolean sessionPresent = session != null - -/* - * Pulls first value from users profile attribute - * - * @param claim The claim object. - * @param attr The profile attribute name. - */ -def fromSet = { claim, attr -> - if (attr != null && attr.size() == 1){ - attr.iterator().next() - } else if (attr != null && attr.size() > 1){ - attr - } else if (logger.warningEnabled()) { - logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim"); - } -} - -// ---vvvvvvvvvv--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---vvvvvvvvvv--- -/* - * Claim resolver which resolves the value of the claim from its requested values. - * - * This resolver will return a value if the claim has one requested values, otherwise an exception is thrown. - */ -defaultClaimResolver = { claim -> - if (claim.getValues().size() == 1) { - [(claim.getName()): claim.getValues().iterator().next()] - } else { - [:] - } -} - -/* - * Claim resolver which resolves the value of the claim by looking up the user's profile. - * - * This resolver will return a value for the claim if: - * # the user's profile attribute is not null - * # AND the claim contains no requested values - * # OR the claim contains requested values and the value from the user's profile is in the list of values - * - * If no match is found an exception is thrown. - */ -userProfileClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { - return [(claim.getName()): userProfileValue] - } - } - [:] -} - -/* - * Claim resolver which resolves the value of the claim of the user's address. - * - * This resolver will return a value for the claim if: - * # the value of the address is not null - * - */ -userAddressClaimResolver = { claim, identity -> - if (identity != null) { - addressFormattedValue = fromSet(claim.getName(), identity.getAttribute("postaladdress")) - if (addressFormattedValue != null) { - return [ - "formatted" : addressFormattedValue - ] - } - } - [:] -} - -/* - * Claim resolver which resolves the value of the claim by looking up the user's profile. - * - * This resolver will return a value for the claim if: - * # the user's profile attribute is not null - * # AND the claim contains no requested values - * # OR the claim contains requested values and the value from the user's profile is in the list of values - * - * If the claim is essential and no value is found an InvalidRequestException will be thrown and returned to the user. - * If no match is found an exception is thrown. - */ -essentialClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (claim.isEssential() && (userProfileValue == null || userProfileValue.isEmpty())) { - throw new InvalidRequestException("Could not provide value for essential claim $claim") - } - if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { - return [(claim.getName()): userProfileValue] - } - } - return [:] -} - -/* - * Claim resolver which expects the user's profile attribute value to be in the following format: - * "language_tag|value_for_language,...". - * - * This resolver will take the list of requested languages from the 'claims_locales' authorize request - * parameter and attempt to match it to a value from the users' profile attribute. - * If no match is found an exception is thrown. - */ -claimLocalesClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (userProfileValue != null) { - localeValues = parseLocaleAwareString(userProfileValue) - locale = claimsLocales.find { locale -> localeValues.containsKey(locale) } - if (locale != null) { - return [(claim.getName()): localeValues.get(locale)] - } - } - } - return [:] -} - -/* - * Claim resolver which expects the user's profile attribute value to be in the following format: - * "language_tag|value_for_language,...". - * - * This resolver will take the language tag specified in the claim object and attempt to match it to a value - * from the users' profile attribute. If no match is found an exception is thrown. - */ -languageTagClaimResolver = { attribute, claim, identity -> - if (identity != null) { - userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) - if (userProfileValue != null) { - localeValues = parseLocaleAwareString(userProfileValue) - if (claim.getLocale() != null) { - if (localeValues.containsKey(claim.getLocale())) { - return [(claim.getName()): localeValues.get(claim.getLocale())] - } else { - entry = localeValues.entrySet().iterator().next() - return [(claim.getName() + "#" + entry.getKey()): entry.getValue()] - } - } else { - entry = localeValues.entrySet().iterator().next() - return [(claim.getName()): entry.getValue()] - } - } - } - return [:] -} - -/* - * Given a string "en|English,jp|Japenese,fr_CA|French Canadian" will return map of locale -> value. - */ -parseLocaleAwareString = { s -> - return result = s.split(",").collectEntries { entry -> - split = entry.split("\\\\|") - [(split[0]): value = split[1]] - } -} -// ---^^^^^^^^^^--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---^^^^^^^^^^--- - -// -------------- UPDATE THIS TO CHANGE CLAIM TO ATTRIBUTE MAPPING FUNCTIONS --------------- -/* - * List of claim resolver mappings. - */ -// [ {claim}: {attribute retriever}, ... ] -claimAttributes = [ - "email": userProfileClaimResolver.curry("mail"), - "address": { claim, identity -> [ "address" : userAddressClaimResolver(claim, identity) ] }, - "phone_number": userProfileClaimResolver.curry("telephonenumber"), - "given_name": userProfileClaimResolver.curry("givenname"), - "zoneinfo": userProfileClaimResolver.curry("preferredtimezone"), - "family_name": userProfileClaimResolver.curry("sn"), - "locale": userProfileClaimResolver.curry("preferredlocale"), - "name": userProfileClaimResolver.curry("cn") -] - - -// -------------- UPDATE THIS TO CHANGE SCOPE TO CLAIM MAPPINGS -------------- -/* - * Map of scopes to claim objects. - */ -// {scope}: [ {claim}, ... ] -scopeClaimsMap = [ - "email": [ "email" ], - "address": [ "address" ], - "phone": [ "phone_number" ], - "profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ] -] - - -// ---------------- UPDATE BELOW FOR ADVANCED USAGES ------------------- -if (logger.messageEnabled()) { - scopes.findAll { s -> !("openid".equals(s) || scopeClaimsMap.containsKey(s)) }.each { s -> - logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s") - } -} - -/* - * Computes the claims return key and value. The key may be a different value if the claim value is not in - * the requested language. - */ -def computeClaim = { claim -> - try { - claimResolver = claimAttributes.get(claim.getName(), { claimObj, identity -> defaultClaimResolver(claim)}) - claimResolver(claim, identity) - } catch (IdRepoException e) { - if (logger.warningEnabled()) { - logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); - } - } catch (SSOException e) { - if (logger.warningEnabled()) { - logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); - } - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/transaction.service.json 1`] = ` +{ + "meta": Any, + "service": { + "transaction": { + "_id": "", + "_type": { + "_id": "transaction", + "collection": false, + "name": "Transaction Authentication Service", + }, + "location": "/", + "nextDescendents": [], + "timeToLive": "180", + }, + }, } +`; -/* - * Converts requested scopes into claim objects based on the scope mappings in scopeClaimsMap. - */ -def convertScopeToClaims = { - scopes.findAll { scope -> "openid" != scope && scopeClaimsMap.containsKey(scope) }.collectMany { scope -> - scopeClaimsMap.get(scope).collect { claim -> - new Claim(claim) - } - } +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/user.service.json 1`] = ` +{ + "meta": Any, + "service": { + "user": { + "_id": "", + "_type": { + "_id": "user", + "collection": false, + "name": "User", + }, + "dynamic": { + "defaultUserStatus": "Active", + }, + "location": "/", + "nextDescendents": [], + }, + }, } +`; -// Creates a full list of claims to resolve from requested scopes, claims provided by AS and requested claims -def claimsToResolve = convertScopeToClaims() + claimObjects + requestedTypedClaims - -// Computes the claim return key and values for all requested claims -computedClaims = claimsToResolve.collectEntries() { claim -> - result = computeClaim(claim) +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/validation.service.json 1`] = ` +{ + "meta": Any, + "service": { + "validation": { + "_id": "", + "_type": { + "_id": "validation", + "collection": false, + "name": "Validation Service", + }, + "location": "/", + "nextDescendents": [], + "validGotoDestinations": [], + }, + }, } +`; -// Computes composite scopes -def compositeScopes = scopeClaimsMap.findAll { scope -> - scopes.contains(scope.key) +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectAttributes/undefined.subjectAttributes.json 1`] = ` +{ + "meta": Any, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, } - -return new UserInfoClaims((Map)computedClaims, (Map)compositeScopes) -" `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Legacy.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AND.subjectTypes.json 1`] = ` { "meta": Any, - "script": { - "1817cc25-fc84-4053-8f91-4ef130616e25": { - "_id": "1817cc25-fc84-4053-8f91-4ef130616e25", - "context": "OIDC_CLAIMS", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "evaluatorVersion": "1.0", - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Legacy", - "script": "file://Legacy.script.js", + "subjectTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.js 1`] = ` -"/* - * Copyright 2022-2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This is an example library script with methods that can be used in other scripts. - * To reference it, use the following: - * - * var library = require("Library Script"); - * - * library.logError(logger, "Error message"); - * library.logDebug(logger, "Debug message"); - */ - -function logError(log, errorMessage) { - log.error(errorMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "AuthenticatedUsers", + }, + }, } +`; -function logWarning(log, warningMessage) { - log.warn(warningMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Identity.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "Identity": { + "_id": "Identity", + "config": { + "properties": { + "subjectValues": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Identity", + }, + }, } +`; -exports.logError = logError; -exports.logWarning = logWarning; - -// Alternatively, exports can be declared using an inline arrow function +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "JwtClaim": { + "_id": "JwtClaim", + "config": { + "properties": { + "claimName": { + "type": "string", + }, + "claimValue": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "JwtClaim", + }, + }, +} +`; -exports.logInfo = (log, infoMessage) => log.info(infoMessage); -exports.logDebug = (log, debugMessage) => log.debug(debugMessage); -" +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NONE.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "NONE": { + "_id": "NONE", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "NONE", + }, + }, +} `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/NextGeneration.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NOT.subjectTypes.json 1`] = ` { "meta": Any, - "script": { - "31bd2ae6-c929-4547-b636-84b874715d60": { - "_id": "31bd2ae6-c929-4547-b636-84b874715d60", - "context": "LIBRARY", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "null", - "evaluatorVersion": "2.0", - "exports": [ - { - "arity": 2, - "id": "logError", - "type": "Function", - }, - { - "arity": 2, - "id": "logWarning", - "type": "Function", + "subjectTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "subject": { + "properties": {}, + "type": "object", + }, }, - { - "arity": 2, - "id": "logInfo", - "type": "Function", + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/OR.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "subjects": { + "type": "array", + }, }, - { - "arity": 2, - "id": "logDebug", - "type": "Function", + "type": "object", + }, + "logical": true, + "title": "OR", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Policy.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "name": { + "type": "string", + }, + "values": { + "items": { + "type": "string", + }, + "type": "array", + }, }, - ], - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "NextGeneration", - "script": "file://NextGeneration.script.js", + "type": "object", + }, + "logical": false, + "title": "Policy", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.js 1`] = ` -"/* - * Copyright 2022-2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/test-jwt-issuer.trustedJwtIssuer.json 1`] = ` +{ + "meta": Any, + "trustedJwtIssuer": { + "test-jwt-issuer": { + "_id": "test-jwt-issuer", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", + }, + "agentgroup": null, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": "hello", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", + }, + }, +} +`; -/* - * This is an example library script with methods that can be used in other scripts. - * To reference it, use the following: - * - * var library = require("Library Script"); - * - * library.logError(logger, "Error message"); - * library.logDebug(logger, "Debug message"); - */ +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/trusted-jwt.trustedJwtIssuer.json 1`] = ` +{ + "meta": Any, + "trustedJwtIssuer": { + "trusted jwt": { + "_id": "trusted jwt", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", + }, + "agentgroup": null, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", + }, + }, +} +`; -function logError(log, errorMessage) { - log.error(errorMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Cool-Webhook.webhookService.json 1`] = ` +{ + "meta": Any, + "webhookService": { + "Cool Webhook": { + "_id": "Cool Webhook", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "body": "body", + "headers": { + "accept": "*/*", + "cool": "test", + }, + "url": "test", + }, + }, } +`; -function logWarning(log, warningMessage) { - log.warn(warningMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Test-Webhook.webhookService.json 1`] = ` +{ + "meta": Any, + "webhookService": { + "Test Webhook": { + "_id": "Test Webhook", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "body": "hello", + "headers": { + "accept": "*/*", + }, + }, + }, } +`; -exports.logError = logError; -exports.logWarning = logWarning; +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/wsEntity/ws.wsEntity.json 1`] = ` +{ + "meta": Any, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, +} +`; -// Alternatively, exports can be declared using an inline arrow function +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` +{ + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": "com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", + }, + }, + "meta": Any, +} +`; -exports.logInfo = (log, infoMessage) => log.info(infoMessage); -exports.logDebug = (log, debugMessage) => log.debug(debugMessage); -" +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` +{ + "applicationTypes": { + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", + }, + }, + "meta": Any, +} `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/Test-Script.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` { + "applicationTypes": { + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", + }, + }, "meta": Any, - "script": { - "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede": { - "_id": "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede", - "context": "LIBRARY", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "Test script description", - "evaluatorVersion": "2.0", - "exports": [ - { - "arity": 2, - "id": "logError", - "type": "Function", - }, - { - "arity": 2, - "id": "logWarning", - "type": "Function", - }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authentication/root-first.authentication.settings.json 1`] = ` +{ + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/amsterService.authenticationChains.json 1`] = ` +{ + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ { - "arity": 2, - "id": "logInfo", - "type": "Function", + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/ldapService.authenticationChains.json 1`] = ` +{ + "authenticationChains": { + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ { - "arity": 2, - "id": "logDebug", - "type": "Function", + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, }, ], - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "Test Script", - "script": "file://Test-Script.script.js", + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.js 1`] = ` -"/* - * Copyright 2022-2023 ForgeRock AS. All Rights Reserved - * - * Use of this code requires a commercial software license with ForgeRock AS. - * or with one of its affiliates. All use shall be exclusively subject - * to such license between the licensee and ForgeRock AS. - */ - -/* - * This is an example library script with methods that can be used in other scripts. - * To reference it, use the following: - * - * var library = require("Library Script"); - * - * library.logError(logger, "Error message"); - * library.logDebug(logger, "Debug message"); - */ - -function logError(log, errorMessage) { - log.error(errorMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/amster.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster", + }, + "authenticationLevel": 0, + "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", + "enabled": true, + }, + }, + "meta": Any, } +`; -function logWarning(log, warningMessage) { - log.warn(warningMessage); +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/datastore.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store", + }, + "authenticationLevel": 0, + }, + }, + "meta": Any, } +`; -exports.logError = logError; -exports.logWarning = logWarning; - -// Alternatively, exports can be declared using an inline arrow function - -exports.logInfo = (log, infoMessage) => log.info(infoMessage); -exports.logDebug = (log, debugMessage) => log.debug(debugMessage); -" +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/federation.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation", + }, + "authenticationLevel": 0, + }, + }, + "meta": Any, +} `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/script/test-script-2.script.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/hotp.authenticationModules.json 1`] = ` { + "authenticationModules": { + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP", + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + }, "meta": Any, - "script": { - "9a7836ff-b597-4799-8a6f-306fdf40f238": { - "_id": "9a7836ff-b597-4799-8a6f-306fdf40f238", - "context": "LIBRARY", - "createdBy": "null", - "creationDate": 0, - "default": false, - "description": "This is a test script", - "evaluatorVersion": "2.0", - "exports": [ - { - "arity": 2, - "id": "logError", - "type": "Function", - }, - { - "arity": 2, - "id": "logWarning", - "type": "Function", - }, - { - "arity": 2, - "id": "logInfo", - "type": "Function", - }, - { - "arity": 2, - "id": "logDebug", - "type": "Function", - }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/ldap.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP", + }, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAPS", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", ], - "language": "JAVASCRIPT", - "lastModifiedBy": "null", - "lastModifiedDate": 0, - "name": "test script 2", - "script": "file://test-script-2.script.js", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-keystore.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/oath.authenticationModules.json 1`] = ` { - "meta": Any, - "secretstore": { - "default-keystore": { - "_id": "default-keystore", + "authenticationModules": { + "oath": { + "_id": "oath", "_type": { - "_id": "KeyStoreSecretStore", + "_id": "oath", "collection": true, - "name": "Keystore", + "name": "OATH", }, - "file": "/home/prestonhales/am/security/keystores/keystore.jceks", - "keyEntryPassword": "entrypass", - "leaseExpiryDuration": 5, - "mappings": [], - "providerName": "SunJCE", - "storePassword": "storepass", - "storetype": "JCEKS", + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/secretstore/default-passwords-store.secretstore.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/sae.authenticationModules.json 1`] = ` { - "meta": Any, - "secretstore": { - "default-passwords-store": { - "_id": "default-passwords-store", + "authenticationModules": { + "sae": { + "_id": "sae", "_type": { - "_id": "FileSystemSecretStore", + "_id": "sae", "collection": true, - "name": "File System Secret Volumes", + "name": "SAE", }, - "directory": "/home/prestonhales/am/security/secrets/encrypted", - "format": "ENCRYPTED_PLAIN", + "authenticationLevel": 0, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/IdentityAssertionService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` { + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", + }, + }, "meta": Any, - "service": { - "IdentityAssertionService": { - "_id": "", - "_type": { - "_id": "IdentityAssertionService", - "collection": false, - "name": "Identity Assertion Service", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AND.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", }, - "cacheDuration": 120, - "enable": true, - "location": "/", - "nextDescendents": [], + "logical": true, + "title": "AND", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/RemoteConsentService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` { + "conditionTypes": { + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthLevel", + }, + }, "meta": Any, - "service": { - "RemoteConsentService": { - "_id": "", - "_type": { - "_id": "RemoteConsentService", - "collection": false, - "name": "Remote Consent Service", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", + }, + "applicationName": { + "type": "string", + }, + "authScheme": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthScheme", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToRealm", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToService", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv4.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", }, - "consentResponseTimeLimit": 2, - "jwkStoreCacheMissCacheTime": 1, - "jwkStoreCacheTimeout": 5, - "location": "/", - "nextDescendents": [], + "logical": false, + "title": "IPv4", }, }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/SocialIdentityProviders.service.json 1`] = ` -{ "meta": Any, - "service": { - "SocialIdentityProviders": { - "_id": "", - "_type": { - "_id": "SocialIdentityProviders", - "collection": false, - "name": "Social Identity Provider Service", - }, - "enabled": true, - "location": "/", - }, - }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/amSessionPropertyWhitelist.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv6.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "amSessionPropertyWhitelist": { - "_id": "", - "_type": { - "_id": "amSessionPropertyWhitelist", - "collection": false, - "name": "Session Property Whitelist Service", + "conditionTypes": { + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", }, - "location": "/", - "nextDescendents": [], - "sessionPropertyWhitelist": [ - "AMCtxId", - ], - "whitelistedQueryProperties": [], + "logical": false, + "title": "IPv6", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/audit.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "audit": { - "_id": "", - "_type": { - "_id": "audit", - "collection": false, - "name": "Audit Logging", + "conditionTypes": { + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", + }, + }, + "type": "object", }, - "auditEnabled": true, - "blacklistFieldFilters": [], - "location": "/", - "nextDescendents": [], - "whitelistFieldFilters": [], + "logical": false, + "title": "LDAPFilter", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorOathService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "authenticatorOathService": { - "_id": "", - "_type": { - "_id": "authenticatorOathService", - "collection": false, - "name": "ForgeRock Authenticator (OATH) Service", + "conditionTypes": { + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", }, - "authenticatorOATHDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", - "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", - "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", - "authenticatorOATHSkippableName": "oath2faEnabled", - "location": "/", - "nextDescendents": [], - "oathAttrName": "oathDeviceProfiles", + "logical": false, + "title": "LEAuthLevel", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorPushService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/NOT.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "authenticatorPushService": { - "_id": "", - "_type": { - "_id": "authenticatorPushService", - "collection": false, - "name": "ForgeRock Authenticator (Push) Service", + "conditionTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", }, - "authenticatorPushDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", - "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", - "authenticatorPushSkippableName": "push2faEnabled", - "location": "/", - "nextDescendents": [], - "pushAttrName": "pushDeviceProfiles", + "logical": true, + "title": "NOT", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/authenticatorWebAuthnService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "authenticatorWebAuthnService": { - "_id": "", - "_type": { - "_id": "authenticatorWebAuthnService", - "collection": false, - "name": "WebAuthn Profile Encryption Service", + "conditionTypes": { + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", }, - "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jceks", - "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, - "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", - "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], - "webauthnAttrName": "webauthnDeviceProfiles", + "logical": false, + "title": "OAuth2Scope", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/baseurl.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OR.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "baseurl": { - "_id": "", - "_type": { - "_id": "baseurl", - "collection": false, - "name": "Base URL Source", + "conditionTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", }, - "contextPath": "/am", - "location": "/", - "nextDescendents": [], - "source": "REQUEST_VALUES", + "logical": true, + "title": "OR", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/dashboard.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Policy.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "dashboard": { - "_id": "", - "_type": { - "_id": "dashboard", - "collection": false, - "name": "Dashboard", + "conditionTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", }, - "assignedDashboard": [], - "location": "/", - "nextDescendents": [], + "logical": false, + "title": "Policy", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceBindingService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "deviceBindingService": { - "_id": "", - "_type": { - "_id": "deviceBindingService", - "collection": false, - "name": "Device Binding Service", + "conditionTypes": { + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", }, - "deviceBindingAttrName": "boundDevices", - "deviceBindingSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceBindingSettingsEncryptionKeystorePassword": null, - "deviceBindingSettingsEncryptionKeystoreType": "JKS", - "deviceBindingSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], + "logical": false, + "title": "ResourceEnvIP", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceIdService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Script.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "deviceIdService": { - "_id": "", - "_type": { - "_id": "deviceIdService", - "collection": false, - "name": "Device ID Service", + "conditionTypes": { + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", + }, + }, + "type": "object", }, - "deviceIdAttrName": "devicePrintProfiles", - "deviceIdSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceIdSettingsEncryptionKeystorePassword": null, - "deviceIdSettingsEncryptionKeystoreType": "JKS", - "deviceIdSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], + "logical": false, + "title": "Script", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/deviceProfilesService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Session.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "deviceProfilesService": { - "_id": "", - "_type": { - "_id": "deviceProfilesService", - "collection": false, - "name": "Device Profiles Service", + "conditionTypes": { + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer", + }, + "terminateSession": { + "required": true, + "type": "boolean", + }, + }, + "type": "object", }, - "deviceProfilesAttrName": "deviceProfiles", - "deviceProfilesSettingsEncryptionKeystore": "/home/prestonhales/am/security/keystores/keystore.jks", - "deviceProfilesSettingsEncryptionKeystorePassword": null, - "deviceProfilesSettingsEncryptionKeystoreType": "JKS", - "deviceProfilesSettingsEncryptionScheme": "NONE", - "location": "/", - "nextDescendents": [], + "logical": false, + "title": "Session", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/email.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "email": { - "_id": "", - "_type": { - "_id": "email", - "collection": false, - "name": "Email Service", + "conditionTypes": { + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", }, - "emailAddressAttribute": "mail", - "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", - "emailRateLimitSeconds": 1, - "location": "/", - "nextDescendents": [], - "port": 465, - "sslState": "SSL", + "logical": false, + "title": "SessionProperty", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/id-repositories.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "id-repositories": { - "_id": "", - "_type": { - "_id": "id-repositories", - "collection": false, - "name": "sunIdentityRepositoryService", - }, - "location": "/", - "nextDescendents": [ - { - "_id": "embedded", - "_type": { - "_id": "LDAPv3ForOpenDS", - "collection": true, - "name": "OpenDJ", - }, - "authentication": { - "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", - }, - "cachecontrol": { - "sun-idrepo-ldapv3-dncache-enabled": true, - "sun-idrepo-ldapv3-dncache-size": 1500, + "conditionTypes": { + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", }, - "errorhandling": { - "com.iplanet.am.ldap.connection.delay.between.retries": 1000, + "endDay": { + "type": "string", }, - "groupconfig": { - "sun-idrepo-ldapv3-config-group-attributes": [ - "dn", - "cn", - "uniqueMember", - "objectclass", - ], - "sun-idrepo-ldapv3-config-group-container-name": "ou", - "sun-idrepo-ldapv3-config-group-container-value": "groups", - "sun-idrepo-ldapv3-config-group-objectclass": [ - "top", - "groupofuniquenames", - ], - "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", - "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", - "sun-idrepo-ldapv3-config-memberurl": "memberUrl", - "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", + "endTime": { + "type": "string", }, - "ldapsettings": { - "openam-idrepo-ldapv3-affinity-level": "all", - "openam-idrepo-ldapv3-behera-support-enabled": true, - "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, - "openam-idrepo-ldapv3-heartbeat-interval": 10, - "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", - "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", - "openam-idrepo-ldapv3-mtls-enabled": false, - "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, - "openam-idrepo-ldapv3-proxied-auth-enabled": false, - "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", - "sun-idrepo-ldapv3-config-authpw": null, - "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", - "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, - "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, - "sun-idrepo-ldapv3-config-ldap-server": [ - "localhost:50636", - "localhost:50636|01", - ], - "sun-idrepo-ldapv3-config-max-result": 1000, - "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", - "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-time-limit": 10, - "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + "enforcementTimeZone": { + "type": "string", }, - "persistentsearch": { - "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", - "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + "startDate": { + "type": "string", }, - "pluginconfig": { - "sunIdRepoAttributeMapping": [], - "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", - "sunIdRepoSupportedOperations": [ - "realm=read,create,edit,delete,service", - "user=read,create,edit,delete,service", - "group=read,create,edit,delete", - ], + "startDay": { + "type": "string", }, - "userconfig": { - "sun-idrepo-ldapv3-config-active": "Active", - "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ - "kbaInfoAttempts", - ], - "sun-idrepo-ldapv3-config-auth-kba-attr": [ - "kbaInfo", - ], - "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", - "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ - "cn", - "sn", - ], - "sun-idrepo-ldapv3-config-inactive": "Inactive", - "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", - "sun-idrepo-ldapv3-config-people-container-name": "ou", - "sun-idrepo-ldapv3-config-people-container-value": "people", - "sun-idrepo-ldapv3-config-user-attributes": [ - "iplanet-am-auth-configuration", - "iplanet-am-user-alias-list", - "iplanet-am-user-password-reset-question-answer", - "mail", - "assignedDashboard", - "authorityRevocationList", - "dn", - "iplanet-am-user-password-reset-options", - "employeeNumber", - "createTimestamp", - "kbaActiveIndex", - "caCertificate", - "iplanet-am-session-quota-limit", - "iplanet-am-user-auth-config", - "sun-fm-saml2-nameid-infokey", - "sunIdentityMSISDNNumber", - "iplanet-am-user-password-reset-force-reset", - "sunAMAuthInvalidAttemptsData", - "devicePrintProfiles", - "givenName", - "iplanet-am-session-get-valid-sessions", - "objectClass", - "adminRole", - "inetUserHttpURL", - "lastEmailSent", - "iplanet-am-user-account-life", - "postalAddress", - "userCertificate", - "preferredtimezone", - "iplanet-am-user-admin-start-dn", - "boundDevices", - "oath2faEnabled", - "preferredlanguage", - "sun-fm-saml2-nameid-info", - "userPassword", - "iplanet-am-session-service-status", - "telephoneNumber", - "iplanet-am-session-max-idle-time", - "distinguishedName", - "iplanet-am-session-destroy-sessions", - "kbaInfoAttempts", - "modifyTimestamp", - "uid", - "iplanet-am-user-success-url", - "iplanet-am-user-auth-modules", - "kbaInfo", - "memberOf", - "sn", - "preferredLocale", - "manager", - "iplanet-am-session-max-session-time", - "deviceProfiles", - "cn", - "oathDeviceProfiles", - "webauthnDeviceProfiles", - "iplanet-am-user-login-status", - "pushDeviceProfiles", - "push2faEnabled", - "inetUserStatus", - "retryLimitNodeCount", - "iplanet-am-user-failure-url", - "iplanet-am-session-max-caching-time", - "thingType", - "thingKeys", - "thingOAuth2ClientName", - "thingConfig", - "thingProperties", - ], - "sun-idrepo-ldapv3-config-user-objectclass": [ - "iplanet-am-managed-person", - "inetuser", - "sunFMSAML2NameIdentifier", - "inetorgperson", - "devicePrintProfilesContainer", - "boundDevicesContainer", - "iplanet-am-user-service", - "iPlanetPreferences", - "pushDeviceProfilesContainer", - "forgerock-am-dashboard-service", - "organizationalperson", - "top", - "kbaInfoContainer", - "person", - "sunAMAuthAccountLockout", - "oathDeviceProfilesContainer", - "webauthnDeviceProfilesContainer", - "iplanet-am-auth-configuration-service", - "deviceProfilesContainer", - "fr-iot", - ], - "sun-idrepo-ldapv3-config-users-search-attribute": "uid", - "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + "startTime": { + "type": "string", }, }, - ], - "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", - "sunIdRepoAttributeValidator": [ - "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", - "minimumPasswordLength=8", - "usernameInvalidChars=*|(|)|&|!", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/iot.service.json 1`] = ` -{ - "meta": Any, - "service": { - "iot": { - "_id": "", - "_type": { - "_id": "iot", - "collection": false, - "name": "IoT Service", + "type": "object", }, - "attributeAllowlist": [ - "thingConfig", - ], - "createOAuthClient": false, - "createOAuthJwtIssuer": false, - "location": "/", - "nextDescendents": [], - "oauthClientName": "forgerock-iot-oauth2-client", - "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", + "logical": false, + "title": "SimpleTime", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/oauth-oidc.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Transaction.conditionTypes.json 1`] = ` { - "meta": Any, - "service": { - "oauth-oidc": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": false, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:token-exchange", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "changeme", - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "[Empty]", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - ], - "supportedScopes": [], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": false, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": false, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "location": "/", - "nextDescendents": [], - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + "conditionTypes": { + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", + }, + "strategySpecifier": { + "type": "string", + }, + }, + "type": "object", }, + "logical": false, + "title": "Transaction", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pingOneWorkerService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` { - "meta": Any, - "service": { - "pingOneWorkerService": { - "_id": "", - "_type": { - "_id": "pingOneWorkerService", - "collection": false, - "name": "PingOne Worker Service", - }, - "enabled": true, - "location": "/", - "nextDescendents": [], + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/policyconfiguration.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Agent.journey.json 1`] = ` { "meta": Any, - "service": { - "policyconfiguration": { - "_id": "", - "_type": { - "_id": "policyconfiguration", - "collection": false, - "name": "Policy Configuration", + "trees": { + "Agent": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AgentDataStoreDecisionNode", + "collection": true, + "name": "Agent Data Store Decision", + }, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Agent", + "description": "null", + "enabled": true, + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "checkIfResourceTypeExists": true, - "connectionPoolMaximumSize": 10, - "connectionPoolMinimumSize": 1, - "ldapServer": [ - "localhost:50636", - ], - "location": "/", - "maximumSearchResults": 100, - "mtlsEnabled": false, - "nextDescendents": [], - "policyHeartbeatInterval": 10, - "policyHeartbeatTimeUnit": "SECONDS", - "realmSearchFilter": "(objectclass=sunismanagedorganization)", - "searchTimeout": 5, - "sslEnabled": true, - "subjectsResultTTL": 10, - "userAliasEnabled": false, - "usersBaseDn": "dc=openam,dc=forgerock,dc=org", - "usersSearchAttribute": "uid", - "usersSearchFilter": "(objectclass=inetorgperson)", - "usersSearchScope": "SCOPE_SUB", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/pushNotification.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Example.journey.json 1`] = ` { "meta": Any, - "service": { - "pushNotification": { - "_id": "", - "_type": { - "_id": "pushNotification", - "collection": false, - "name": "Push Notification Service", + "trees": { + "Example": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Example", + "description": "null", + "enabled": true, + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "connections": { + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "connections": { + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "connections": { + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", - "location": "/", - "mdCacheSize": 10000, - "mdConcurrency": 16, - "mdDuration": 120, - "nextDescendents": [], - "region": "us-east-1", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/security.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` { "meta": Any, - "service": { - "security": { - "_id": "", - "_type": { - "_id": "security", - "collection": false, - "name": "Legacy User Self Service", + "trees": { + "Facebook-ProvisionIDMAccount": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialFacebookNode", + "collection": true, + "name": "Social Facebook", + }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionIdmAccountNode", + "collection": true, + "name": "Provision IDM Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + }, + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + "x": 0, + "y": 0, + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", - "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", - "forgotPasswordEnabled": false, - "forgotPasswordTokenLifetime": 900, - "location": "/", - "nextDescendents": [], - "protectedUserAttributes": [], - "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", - "selfRegistrationEnabled": false, - "selfRegistrationTokenLifetime": 900, - "selfServiceEnabled": false, - "userRegisteredDestination": "default", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfService.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-AnonymousUser.journey.json 1`] = ` { "meta": Any, - "service": { - "selfService": { - "_id": "", - "_type": { - "_id": "selfService", - "collection": false, - "name": "User Self-Service", - }, - "advancedConfig": { - "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", - "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", - "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", - "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", - "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", + "trees": { + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetSuccessUrlNode", + "collection": true, + "name": "Success URL", + }, + "successUrl": "https://www.forgerock.com/", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AnonymousUserNode", + "collection": true, + "name": "Anonymous User Mapping", + }, + "anonymousUserName": "anonymous", + }, }, - "forgottenPassword": { - "forgottenPasswordCaptchaEnabled": false, - "forgottenPasswordEmailBody": [ - "en|

Click on this link to reset your password.

", - ], - "forgottenPasswordEmailSubject": [ - "en|Forgotten password email", - ], - "forgottenPasswordEmailVerificationEnabled": true, - "forgottenPasswordEnabled": false, - "forgottenPasswordKbaEnabled": false, - "forgottenPasswordTokenPaddingLength": 450, - "forgottenPasswordTokenTTL": 300, - "numberOfAllowedAttempts": 1, - "numberOfAttemptsEnforced": false, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-AnonymousUser", + "description": "null", + "enabled": true, + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", + "x": 0, + "y": 0, + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + "x": 0, + "y": 0, + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "connections": { + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + }, + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "forgottenUsername": { - "forgottenUsernameCaptchaEnabled": false, - "forgottenUsernameEmailBody": [ - "en|

Your username is %username%.

", - ], - "forgottenUsernameEmailSubject": [ - "en|Forgotten username email", - ], - "forgottenUsernameEmailUsernameEnabled": true, - "forgottenUsernameEnabled": false, - "forgottenUsernameKbaEnabled": false, - "forgottenUsernameShowUsernameEnabled": false, - "forgottenUsernameTokenTTL": 300, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-DynamicAccountCreation.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Google-DynamicAccountCreation": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionDynamicAccountNode", + "collection": true, + "name": "Provision Dynamic Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "CreatePasswordNode", + "collection": true, + "name": "Create Password", + }, + "minPasswordLength": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, }, - "generalConfig": { - "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", - "kbaQuestions": [ - "4|en|What is your mother's maiden name?", - "3|en|What was the name of your childhood pet?", - "2|en|What was the model of your first car?", - "1|en|What is the name of your favourite restaurant?", - ], - "minimumAnswersToDefine": 1, - "minimumAnswersToVerify": 1, - "validQueryAttributes": [ - "uid", - "mail", - "givenName", - "sn", - ], + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-DynamicAccountCreation", + "description": "null", + "enabled": true, + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision Dynamic Account", + "nodeType": "ProvisionDynamicAccountNode", + "x": 0, + "y": 0, + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "connections": { + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + }, + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", + "x": 0, + "y": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + "x": 0, + "y": 0, + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "connections": { + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + "x": 0, + "y": 0, + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "connections": { + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + "x": 0, + "y": 0, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "location": "/", - "nextDescendents": [], - "profileManagement": { - "profileAttributeWhitelist": [ - "uid", - "telephoneNumber", - "mail", - "kbaInfo", - "givenName", - "sn", - "cn", - ], - "profileProtectedUserAttributes": [ - "telephoneNumber", - "mail", - ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/HmacOneTimePassword.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "HmacOneTimePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, }, - "userRegistration": { - "userRegisteredDestination": "default", - "userRegistrationCaptchaEnabled": false, - "userRegistrationEmailBody": [ - "en|

Click on this link to register.

", - ], - "userRegistrationEmailSubject": [ - "en|Registration email", - ], - "userRegistrationEmailVerificationEnabled": true, - "userRegistrationEmailVerificationFirstEnabled": false, - "userRegistrationEnabled": false, - "userRegistrationKbaEnabled": false, - "userRegistrationTokenTTL": 300, - "userRegistrationValidUserAttributes": [ - "userPassword", - "mail", - "givenName", - "kbaInfo", - "inetUserStatus", - "sn", - "username", - ], + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "HmacOneTimePassword", + "description": "null", + "enabled": true, + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "connections": { + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + "x": 0, + "y": 0, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + "x": 0, + "y": 0, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "connections": { + "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + "x": 0, + "y": 0, + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "connections": { + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/selfServiceTrees.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PersistentCookie.journey.json 1`] = ` { "meta": Any, - "service": { - "selfServiceTrees": { - "_id": "", - "_type": { - "_id": "selfServiceTrees", - "collection": false, - "name": "Self Service Trees", + "trees": { + "PersistentCookie": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", + }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "PersistentCookieDecisionNode", + "collection": true, + "name": "Persistent Cookie Decision", + }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, }, - "enabled": true, - "location": "/", - "nextDescendents": [], - "treeMapping": { - "forgottenUsername": "PlatformForgottenUsername", - "registration": "PlatformRegistration", - "resetPassword": "PlatformResetPassword", - "updatePassword": "PlatformUpdatePassword", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PersistentCookie", + "description": "null", + "enabled": true, + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "connections": { + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + "x": 0, + "y": 0, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", + "x": 0, + "y": 0, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "connections": { + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/socialauthentication.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformForgottenUsername.journey.json 1`] = ` { "meta": Any, - "service": { - "socialauthentication": { - "_id": "", - "_type": { - "_id": "socialauthentication", - "collection": false, - "name": "Social Authentication Implementations", + "trees": { + "PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, }, - "authenticationChains": {}, - "displayNames": {}, - "enabledKeys": [], - "icons": {}, - "location": "/", - "nextDescendents": [], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/transaction.service.json 1`] = ` -{ - "meta": Any, - "service": { - "transaction": { - "_id": "", - "_type": { - "_id": "transaction", - "collection": false, - "name": "Transaction Authentication Service", + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identityAttribute": "mail", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "location": "/", - "nextDescendents": [], - "timeToLive": "180", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/user.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformLogin.journey.json 1`] = ` { "meta": Any, - "service": { - "user": { - "_id": "", - "_type": { - "_id": "user", - "collection": false, - "name": "User", + "trees": { + "PlatformLogin": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, }, - "dynamic": { - "defaultUserStatus": "Active", + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformProgressiveProfile", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformLogin", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "location": "/", - "nextDescendents": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/service/validation.service.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformProgressiveProfile.journey.json 1`] = ` { "meta": Any, - "service": { - "validation": { - "_id": "", - "_type": { - "_id": "validation", - "collection": false, - "name": "Validation Service", + "trees": { + "PlatformProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, + }, + }, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision", + }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", + }, + "stage": "null", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision", + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + "x": 0, + "y": 0, + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + "x": 0, + "y": 0, + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "location": "/", - "nextDescendents": [], - "validGotoDestinations": [], }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectAttributes/undefined.subjectAttributes.json 1`] = ` -{ - "meta": Any, - "subjectAttributes": { - "undefined": "iplanet-am-user-login-status", - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AND.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformRegistration.journey.json 1`] = ` { "meta": Any, - "subjectTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "subjects": { - "type": "array", + "trees": { + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, + }, + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + "x": 0, + "y": 0, + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, }, }, - "type": "object", - }, - "logical": true, - "title": "AND", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AuthenticatedUsers": { - "_id": "AuthenticatedUsers", - "config": { - "properties": {}, - "type": "object", + "uiConfig": {}, }, - "logical": false, - "title": "AuthenticatedUsers", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Identity.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformResetPassword.journey.json 1`] = ` { "meta": Any, - "subjectTypes": { - "Identity": { - "_id": "Identity", - "config": { - "properties": { - "subjectValues": { - "items": { - "type": "string", + "trees": { + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, }, - "type": "object", }, - "logical": false, - "title": "Identity", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "JwtClaim": { - "_id": "JwtClaim", - "config": { - "properties": { - "claimName": { - "type": "string", + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, - "claimValue": { - "type": "string", + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", }, + "stage": "null", }, - "type": "object", - }, - "logical": false, - "title": "JwtClaim", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NONE.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NONE": { - "_id": "NONE", - "config": { - "properties": {}, - "type": "object", - }, - "logical": false, - "title": "NONE", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/NOT.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "subject": { - "properties": {}, - "type": "object", + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", }, + "identifier": "userName", + "identityAttribute": "mail", }, - "type": "object", - }, - "logical": true, - "title": "NOT", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/OR.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "subjects": { - "type": "array", + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", }, + "stage": "null", }, - "type": "object", - }, - "logical": true, - "title": "OR", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/subjectTypes/Policy.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", }, - "name": { - "type": "string", + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", }, - "values": { - "items": { - "type": "string", + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", }, - "type": "array", + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, }, - "type": "object", - }, - "logical": false, - "title": "Policy", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/test-jwt-issuer.trustedJwtIssuer.json 1`] = ` -{ - "meta": Any, - "trustedJwtIssuer": { - "test-jwt-issuer": { - "_id": "test-jwt-issuer", - "_type": { - "_id": "TrustedJwtIssuer", - "collection": true, - "name": "OAuth2 Trusted JWT Issuer", }, - "agentgroup": null, - "allowedSubjects": [], - "consentedScopesClaim": "scope", - "issuer": "hello", - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "resourceOwnerIdentityClaim": "sub", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/trustedJwtIssuer/trusted-jwt.trustedJwtIssuer.json 1`] = ` -{ - "meta": Any, - "trustedJwtIssuer": { - "trusted jwt": { - "_id": "trusted jwt", - "_type": { - "_id": "TrustedJwtIssuer", - "collection": true, - "name": "OAuth2 Trusted JWT Issuer", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "agentgroup": null, - "allowedSubjects": [], - "consentedScopesClaim": "scope", - "issuer": null, - "jwkSet": null, - "jwkStoreCacheMissCacheTime": 60000, - "jwksCacheTimeout": 3600000, - "jwksUri": null, - "resourceOwnerIdentityClaim": "sub", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Cool-Webhook.webhookService.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformUpdatePassword.journey.json 1`] = ` { "meta": Any, - "webhookService": { - "Cool Webhook": { - "_id": "Cool Webhook", - "_type": { - "_id": "webhooks", - "collection": true, - "name": "Webhook Service", - }, - "body": "body", - "headers": { - "accept": "*/*", - "cool": "test", + "trees": { + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, }, - "url": "test", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/webhookService/Test-Webhook.webhookService.json 1`] = ` -{ - "meta": Any, - "webhookService": { - "Test Webhook": { - "_id": "Test Webhook", - "_type": { - "_id": "webhooks", - "collection": true, - "name": "Webhook Service", + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, }, - "body": "hello", - "headers": { - "accept": "*/*", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + "x": 0, + "y": 0, + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root/wsEntity/ws.wsEntity.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/RetryLimit.journey.json 1`] = ` { "meta": Any, - "wsEntity": { - "ws": { - "_id": "ws", - "_type": { - "_id": "ws", - "collection": true, - "name": "Entity Descriptor ", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "iPlanetAMWebAgentService": { - "_id": "iPlanetAMWebAgentService", - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, + "trees": { + "RetryLimit": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", + }, }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "iPlanetAMWebAgentService", - "resourceComparator": "com.sun.identity.entitlement.URLResourceName", - "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", - "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "sunAMDelegationService": { - "_id": "sunAMDelegationService", - "actions": { - "DELEGATE": true, - "MODIFY": true, - "READ": true, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "sunAMDelegationService", - "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", - "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", - "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/policyset/oauth2Scopes.policyset.json 1`] = ` { - "applicationTypes": { - "umaApplicationType": { - "_id": "umaApplicationType", - "actions": {}, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "umaApplicationType", - "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", - "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", - "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authentication/root-first.authentication.settings.json 1`] = ` -{ - "authentication": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Core", - }, - "accountlockout": { - "lockoutDuration": 0, - "lockoutDurationMultiplier": 1, - "lockoutWarnUserCount": 0, - "loginFailureCount": 5, - "loginFailureDuration": 300, - "loginFailureLockoutMode": false, - "storeInvalidAttemptsInDataStore": true, - }, - "core": { - "adminAuthModule": "ldapService", - "orgConfig": "ldapService", - }, - "general": { - "defaultAuthLevel": 0, - "identityType": [ - "agent", - "user", + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", ], - "locale": "en_US", - "statelessSessionsEnabled": false, - "twoFactorRequired": false, - "userStatusCallbackPlugins": [], - }, - "postauthprocess": { - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [ - "/am/console", + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788713, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", ], - "userAttributeSessionMapping": [], - "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", - "usernameGeneratorEnabled": true, - }, - "security": { - "addClearSiteDataHeader": true, - "moduleBasedAuthEnabled": true, - "sharedSecret": null, - "zeroPageLoginAllowedWithoutReferrer": true, - "zeroPageLoginEnabled": false, - "zeroPageLoginReferrerWhiteList": [], - }, - "trees": { - "authenticationSessionsMaxDuration": 5, - "authenticationSessionsStateManagement": "JWT", - "authenticationSessionsWhitelist": false, - "authenticationTreeCookieHttpOnly": true, - "suspendedAuthenticationTimeout": 5, - }, - "userprofile": { - "aliasAttributeName": [ - "uid", + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", ], - "defaultRole": [], - "dynamicProfileCreation": "false", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/amsterService.authenticationChains.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` { - "authenticationChains": { - "amsterService": { - "_id": "amsterService", - "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", + "meta": Any, + "resourcetype": { + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "Amster", - "options": {}, - }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788670, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationChains/ldapService.authenticationChains.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/URL.resourcetype.json 1`] = ` { - "authenticationChains": { - "ldapService": { - "_id": "ldapService", - "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", + "meta": Any, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "DataStore", - "options": {}, - }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788692, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/amster.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-keystore.secretstore.json 1`] = ` { - "authenticationModules": { - "amster": { - "_id": "amster", - "_type": { - "_id": "amster", - "collection": true, - "name": "ForgeRock Amster", - }, - "authenticationLevel": 0, - "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", - "enabled": true, - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/datastore.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "datastore": { - "_id": "datastore", + "secretstore": { + "default-keystore": { + "_id": "default-keystore", "_type": { - "_id": "datastore", + "_id": "KeyStoreSecretStore", "collection": true, - "name": "Data Store", + "name": "Keystore", }, - "authenticationLevel": 0, + "file": "/home/prestonhales/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/federation.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-passwords-store.secretstore.json 1`] = ` { - "authenticationModules": { - "federation": { - "_id": "federation", + "meta": Any, + "secretstore": { + "default-passwords-store": { + "_id": "default-passwords-store", "_type": { - "_id": "federation", + "_id": "FileSystemSecretStore", "collection": true, - "name": "Federation", + "name": "File System Secret Volumes", }, - "authenticationLevel": 0, + "directory": "/home/prestonhales/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/hotp.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/SocialIdentityProviders.service.json 1`] = ` { - "authenticationModules": { - "hotp": { - "_id": "hotp", + "meta": Any, + "service": { + "SocialIdentityProviders": { + "_id": "", "_type": { - "_id": "hotp", - "collection": true, - "name": "HOTP", + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", }, - "authenticationLevel": 0, - "autoSendOTP": false, - "otpDeliveryMethod": "SMS and E-mail", - "otpLength": "8", - "otpMaxRetry": 3, - "otpValidityDuration": 5, - "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "smtpFromAddress": "no-reply@openam.org", - "smtpHostPort": 465, - "smtpHostname": "smtp.gmail.com", - "smtpSslEnabled": "SSL", - "smtpUserPassword": null, - "smtpUsername": "opensso.sun", - "userProfileEmailAttribute": "mail", - "userProfileTelephoneAttribute": "telephoneNumber", + "enabled": true, + "location": "/first", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/ldap.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/id-repositories.service.json 1`] = ` { - "authenticationModules": { - "ldap": { - "_id": "ldap", + "meta": Any, + "service": { + "id-repositories": { + "_id": "", "_type": { - "_id": "ldap", - "collection": true, - "name": "LDAP", + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", }, - "authenticationLevel": 0, - "beheraPasswordPolicySupportEnabled": true, - "connectionHeartbeatInterval": 10, - "connectionHeartbeatTimeUnit": "SECONDS", - "minimumPasswordLength": "8", - "openam-auth-ldap-connection-mode": "LDAPS", - "operationTimeout": 0, - "primaryLdapServer": [ - "localhost:50636", - ], - "profileAttributeMappings": [], - "returnUserDN": true, - "searchScope": "SUBTREE", - "secondaryLdapServer": [], - "stopLdapbindAfterInmemoryLockedEnabled": false, - "trustAllServerCertificates": false, - "userBindDN": "cn=Directory Manager", - "userBindPassword": null, - "userProfileRetrievalAttribute": "uid", - "userSearchAttributes": [ - "uid", + "location": "/first", + "nextDescendents": [ + { + "_id": "embedded", + "_type": { + "_id": "LDAPv3ForOpenDS", + "collection": true, + "name": "OpenDJ", + }, + "authentication": { + "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", + }, + "cachecontrol": { + "sun-idrepo-ldapv3-dncache-enabled": true, + "sun-idrepo-ldapv3-dncache-size": 1500, + }, + "errorhandling": { + "com.iplanet.am.ldap.connection.delay.between.retries": 1000, + }, + "groupconfig": { + "sun-idrepo-ldapv3-config-group-attributes": [ + "dn", + "cn", + "uniqueMember", + "objectclass", + ], + "sun-idrepo-ldapv3-config-group-container-name": "ou", + "sun-idrepo-ldapv3-config-group-container-value": "groups", + "sun-idrepo-ldapv3-config-group-objectclass": [ + "top", + "groupofuniquenames", + ], + "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", + "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", + "sun-idrepo-ldapv3-config-memberurl": "memberUrl", + "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", + }, + "ldapsettings": { + "openam-idrepo-ldapv3-affinity-level": "all", + "openam-idrepo-ldapv3-behera-support-enabled": true, + "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, + "openam-idrepo-ldapv3-heartbeat-interval": 10, + "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", + "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", + "openam-idrepo-ldapv3-mtls-enabled": false, + "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, + "openam-idrepo-ldapv3-proxied-auth-enabled": false, + "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", + "sun-idrepo-ldapv3-config-authpw": null, + "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", + "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, + "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, + "sun-idrepo-ldapv3-config-ldap-server": [ + "localhost:50636", + "localhost:50636|01", + ], + "sun-idrepo-ldapv3-config-max-result": 1000, + "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", + "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-time-limit": 10, + "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + }, + "persistentsearch": { + "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", + "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + }, + "pluginconfig": { + "sunIdRepoAttributeMapping": [], + "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", + "sunIdRepoSupportedOperations": [ + "realm=read,create,edit,delete,service", + "user=read,create,edit,delete,service", + "group=read,create,edit,delete", + ], + }, + "userconfig": { + "sun-idrepo-ldapv3-config-active": "Active", + "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ + "kbaInfoAttempts", + ], + "sun-idrepo-ldapv3-config-auth-kba-attr": [ + "kbaInfo", + ], + "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", + "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ + "cn", + "sn", + ], + "sun-idrepo-ldapv3-config-inactive": "Inactive", + "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", + "sun-idrepo-ldapv3-config-people-container-name": "ou", + "sun-idrepo-ldapv3-config-people-container-value": "people", + "sun-idrepo-ldapv3-config-user-attributes": [ + "iplanet-am-auth-configuration", + "iplanet-am-user-alias-list", + "iplanet-am-user-password-reset-question-answer", + "mail", + "assignedDashboard", + "authorityRevocationList", + "dn", + "iplanet-am-user-password-reset-options", + "employeeNumber", + "createTimestamp", + "kbaActiveIndex", + "caCertificate", + "iplanet-am-session-quota-limit", + "iplanet-am-user-auth-config", + "sun-fm-saml2-nameid-infokey", + "sunIdentityMSISDNNumber", + "iplanet-am-user-password-reset-force-reset", + "sunAMAuthInvalidAttemptsData", + "devicePrintProfiles", + "givenName", + "iplanet-am-session-get-valid-sessions", + "objectClass", + "adminRole", + "inetUserHttpURL", + "lastEmailSent", + "iplanet-am-user-account-life", + "postalAddress", + "userCertificate", + "preferredtimezone", + "iplanet-am-user-admin-start-dn", + "boundDevices", + "oath2faEnabled", + "preferredlanguage", + "sun-fm-saml2-nameid-info", + "userPassword", + "iplanet-am-session-service-status", + "telephoneNumber", + "iplanet-am-session-max-idle-time", + "distinguishedName", + "iplanet-am-session-destroy-sessions", + "kbaInfoAttempts", + "modifyTimestamp", + "uid", + "iplanet-am-user-success-url", + "iplanet-am-user-auth-modules", + "kbaInfo", + "memberOf", + "sn", + "preferredLocale", + "manager", + "iplanet-am-session-max-session-time", + "deviceProfiles", + "cn", + "oathDeviceProfiles", + "webauthnDeviceProfiles", + "iplanet-am-user-login-status", + "pushDeviceProfiles", + "push2faEnabled", + "inetUserStatus", + "retryLimitNodeCount", + "iplanet-am-user-failure-url", + "iplanet-am-session-max-caching-time", + ], + "sun-idrepo-ldapv3-config-user-objectclass": [ + "iplanet-am-managed-person", + "inetuser", + "sunFMSAML2NameIdentifier", + "inetorgperson", + "devicePrintProfilesContainer", + "boundDevicesContainer", + "iplanet-am-user-service", + "iPlanetPreferences", + "pushDeviceProfilesContainer", + "forgerock-am-dashboard-service", + "organizationalperson", + "top", + "kbaInfoContainer", + "person", + "sunAMAuthAccountLockout", + "oathDeviceProfilesContainer", + "webauthnDeviceProfilesContainer", + "iplanet-am-auth-configuration-service", + "deviceProfilesContainer", + ], + "sun-idrepo-ldapv3-config-users-search-attribute": "uid", + "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + }, + }, ], - "userSearchStartDN": [ - "dc=openam,dc=forgerock,dc=org", + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", ], }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/oath.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/oauth-oidc.service.json 1`] = ` { - "authenticationModules": { - "oath": { - "_id": "oath", + "meta": Any, + "service": { + "oauth-oidc": { + "_id": "", "_type": { - "_id": "oath", - "collection": true, - "name": "OATH", + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "location": "/first", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", }, - "addChecksum": "False", - "authenticationLevel": 0, - "forgerock-oath-maximum-clock-drift": 0, - "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", - "hotpWindowSize": 100, - "minimumSecretKeyLength": "32", - "oathAlgorithm": "HOTP", - "oathOtpMaxRetry": 3, - "passwordLength": "6", - "stepsInWindow": 2, - "timeStepSize": 30, - "truncationOffset": -1, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/authenticationModules/sae.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/policyconfiguration.service.json 1`] = ` { - "authenticationModules": { - "sae": { - "_id": "sae", + "meta": Any, + "service": { + "policyconfiguration": { + "_id": "", "_type": { - "_id": "sae", - "collection": true, - "name": "SAE", + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", }, - "authenticationLevel": 0, + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "location": "/first", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectAttributes/undefined.subjectAttributes.json 1`] = ` { - "conditionTypes": { - "AMIdentityMembership": { - "_id": "AMIdentityMembership", - "config": { - "properties": { - "amIdentityName": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AMIdentityMembership", - }, - }, "meta": Any, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AND.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AND.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "AND": { "_id": "AND", "config": { "properties": { - "conditions": { + "subjects": { "type": "array", }, }, @@ -389336,213 +399502,100 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "AND", }, }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthLevel": { - "_id": "AuthLevel", - "config": { - "properties": { - "authLevel": { - "type": "integer", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthLevel", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthScheme": { - "_id": "AuthScheme", - "config": { - "properties": { - "applicationIdleTimeout": { - "type": "integer", - }, - "applicationName": { - "type": "string", - }, - "authScheme": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthScheme", - }, - }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` { - "conditionTypes": { - "AuthenticateToRealm": { - "_id": "AuthenticateToRealm", - "config": { - "properties": { - "authenticateToRealm": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthenticateToRealm", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthenticateToService": { - "_id": "AuthenticateToService", + "subjectTypes": { + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", "config": { - "properties": { - "authenticateToService": { - "type": "string", - }, - }, + "properties": {}, "type": "object", }, "logical": false, - "title": "AuthenticateToService", + "title": "AuthenticatedUsers", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv4.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Identity.subjectTypes.json 1`] = ` { - "conditionTypes": { - "IPv4": { - "_id": "IPv4", - "config": { - "properties": { - "dnsName": { - "items": { - "type": "string", - }, - "type": "array", - }, - "endIp": { - "type": "string", - }, - "startIp": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "IPv4", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/IPv6.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "IPv6": { - "_id": "IPv6", + "subjectTypes": { + "Identity": { + "_id": "Identity", "config": { "properties": { - "dnsName": { + "subjectValues": { "items": { "type": "string", }, "type": "array", }, - "endIp": { - "type": "string", - }, - "startIp": { - "type": "string", - }, }, "type": "object", }, "logical": false, - "title": "IPv6", + "title": "Identity", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` { - "conditionTypes": { - "LDAPFilter": { - "_id": "LDAPFilter", + "meta": Any, + "subjectTypes": { + "JwtClaim": { + "_id": "JwtClaim", "config": { "properties": { - "ldapFilter": { + "claimName": { + "type": "string", + }, + "claimValue": { "type": "string", }, }, "type": "object", }, "logical": false, - "title": "LDAPFilter", + "title": "JwtClaim", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NONE.subjectTypes.json 1`] = ` { - "conditionTypes": { - "LEAuthLevel": { - "_id": "LEAuthLevel", + "meta": Any, + "subjectTypes": { + "NONE": { + "_id": "NONE", "config": { - "properties": { - "authLevel": { - "type": "integer", - }, - }, + "properties": {}, "type": "object", }, "logical": false, - "title": "LEAuthLevel", + "title": "NONE", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/NOT.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NOT.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "NOT": { "_id": "NOT", "config": { "properties": { - "condition": { + "subject": { "properties": {}, "type": "object", }, @@ -389553,42 +399606,18 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "NOT", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/OR.subjectTypes.json 1`] = ` { - "conditionTypes": { - "OAuth2Scope": { - "_id": "OAuth2Scope", - "config": { - "properties": { - "requiredScopes": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", - }, - "logical": false, - "title": "OAuth2Scope", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/OR.conditionTypes.json 1`] = ` -{ - "conditionTypes": { + "subjectTypes": { "OR": { "_id": "OR", "config": { "properties": { - "conditions": { + "subjects": { "type": "array", }, }, @@ -389598,13 +399627,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "OR", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Policy.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Policy.subjectTypes.json 1`] = ` { - "conditionTypes": { + "meta": Any, + "subjectTypes": { "Policy": { "_id": "Policy", "config": { @@ -389612,8 +399641,14 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "className": { "type": "string", }, - "properties": { - "type": "object", + "name": { + "type": "string", + }, + "values": { + "items": { + "type": "string", + }, + "type": "array", }, }, "type": "object", @@ -389622,1497 +399657,911 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "title": "Policy", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/webhookService/webhooks.webhookService.json 1`] = ` { - "conditionTypes": { - "ResourceEnvIP": { - "_id": "ResourceEnvIP", - "config": { - "properties": { - "resourceEnvIPConditionValue": { - "items": { - "type": "string", - }, - "type": "array", - }, - }, - "type": "object", + "meta": Any, + "webhookService": { + "webhooks": { + "_id": "webhooks", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "headers": { + "accept": "*/*", }, - "logical": false, - "title": "ResourceEnvIP", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Script.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/wsEntity/ws.wsEntity.json 1`] = ` { - "conditionTypes": { - "Script": { - "_id": "Script", - "config": { - "properties": { - "scriptId": { - "type": "string", - }, - }, - "type": "object", + "meta": Any, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", }, - "logical": false, - "title": "Script", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Session.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` { - "conditionTypes": { - "Session": { - "_id": "Session", - "config": { - "properties": { - "maxSessionTime": { - "type": "integer", - }, - "terminateSession": { - "required": true, - "type": "boolean", - }, - }, - "type": "object", + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, }, - "logical": false, - "title": "Session", + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": "com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` { - "conditionTypes": { - "SessionProperty": { - "_id": "SessionProperty", - "config": { - "properties": { - "ignoreValueCase": { - "required": true, - "type": "boolean", - }, - "properties": { - "type": "object", - }, - }, - "type": "object", + "applicationTypes": { + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true, }, - "logical": false, - "title": "SessionProperty", + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` { - "conditionTypes": { - "SimpleTime": { - "_id": "SimpleTime", - "config": { - "properties": { - "endDate": { - "type": "string", - }, - "endDay": { - "type": "string", - }, - "endTime": { - "type": "string", - }, - "enforcementTimeZone": { - "type": "string", - }, - "startDate": { - "type": "string", - }, - "startDay": { - "type": "string", - }, - "startTime": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "SimpleTime", + "applicationTypes": { + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/conditionTypes/Transaction.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authentication/root-first-second.authentication.settings.json 1`] = ` { - "conditionTypes": { - "Transaction": { - "_id": "Transaction", - "config": { - "properties": { - "authenticationStrategy": { - "type": "string", - }, - "strategySpecifier": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "Transaction", + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": true, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/amsterService.authenticationChains.json 1`] = ` { - "decisionCombiners": { - "DenyOverride": { - "_id": "DenyOverride", - "title": "DenyOverride", + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], }, }, "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Agent.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/ldapService.authenticationChains.json 1`] = ` { - "meta": Any, - "trees": { - "Agent": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "AgentDataStoreDecisionNode", - "collection": true, - "name": "Agent Data Store Decision", - }, - }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", - "_outcomes": [ - { - "displayName": "Has Credentials", - "id": "true", - }, - { - "displayName": "No Credentials", - "id": "false", - }, - ], - "_type": { - "_id": "ZeroPageLoginNode", - "collection": true, - "name": "Zero Page Login Collector", - }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", - }, + "authenticationChains": { + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Agent", - "description": "null", - "enabled": true, - "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Agent Data Store Decision", - "nodeType": "AgentDataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "a87ff679-a2f3-371d-9181-a67b7542122c", - }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", - "x": 0, - "y": 0, - }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, }, - "uiConfig": {}, - }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Example.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/amster.authenticationModules.json 1`] = ` { - "meta": Any, - "trees": { - "Example": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", - }, - }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", - }, - }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", - "_outcomes": [ - { - "displayName": "Has Credentials", - "id": "true", - }, - { - "displayName": "No Credentials", - "id": "false", - }, - ], - "_type": { - "_id": "ZeroPageLoginNode", - "collection": true, - "name": "Zero Page Login Collector", - }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Example", - "description": "null", - "enabled": true, - "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "connections": { - "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, - }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "connections": { - "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "connections": { - "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", - }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster", }, + "authenticationLevel": 0, + "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", + "enabled": true, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/datastore.authenticationModules.json 1`] = ` { - "meta": Any, - "trees": { - "Facebook-ProvisionIDMAccount": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialFacebookNode", - "collection": true, - "name": "Social Facebook", - }, - "authenticationIdKey": "id", - "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", - "cfgAccountMapperConfiguration": { - "id": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "first_name": "givenName", - "id": "iplanet-am-user-alias-list", - "last_name": "sn", - "name": "cn", - }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "facebook", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "public_profile,email", - "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", - "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", - }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ProvisionIdmAccountNode", - "collection": true, - "name": "Provision IDM Account", - }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Facebook-ProvisionIDMAccount", - "description": "null", - "enabled": true, - "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - }, - "displayName": "Facebook Social Authentication", - "nodeType": "SocialFacebookNode", - "x": 0, - "y": 0, - }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Provision IDM Account", - "nodeType": "ProvisionIdmAccountNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "authenticationModules": { + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store", }, + "authenticationLevel": 0, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-AnonymousUser.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/federation.authenticationModules.json 1`] = ` { - "meta": Any, - "trees": { - "Google-AnonymousUser": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "_id": "1ff1de77-4005-38da-93f4-2943881c655f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SetSuccessUrlNode", - "collection": true, - "name": "Success URL", - }, - "successUrl": "https://www.forgerock.com/", - }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", - }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AnonymousUserNode", - "collection": true, - "name": "Anonymous User Mapping", - }, - "anonymousUserName": "anonymous", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-AnonymousUser", - "description": "null", - "enabled": true, - "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Set Success URL", - "nodeType": "SetSuccessUrlNode", - "x": 0, - "y": 0, - }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", - }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, - }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "connections": { - "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", - }, - "displayName": "Map to Anonymous User", - "nodeType": "AnonymousUserNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, + "authenticationModules": { + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation", }, + "authenticationLevel": 0, }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/Google-DynamicAccountCreation.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/hotp.authenticationModules.json 1`] = ` { + "authenticationModules": { + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP", + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + }, "meta": Any, - "trees": { - "Google-DynamicAccountCreation": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ProvisionDynamicAccountNode", - "collection": true, - "name": "Provision Dynamic Account", - }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "CreatePasswordNode", - "collection": true, - "name": "Create Password", - }, - "minPasswordLength": 0, - }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", - }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", - }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", - }, - "emailSubject": { - "en": "Your One Time Password", - }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", - }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "_outcomes": [ - { - "displayName": "Retry", - "id": "Retry", - }, - { - "displayName": "Reject", - "id": "Reject", +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/ldap.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP", + }, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAPS", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/oath.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": true, + "name": "OATH", + }, + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/sae.authenticationModules.json 1`] = ` +{ + "authenticationModules": { + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": true, + "name": "SAE", + }, + "authenticationLevel": 0, + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "RetryLimitDecisionNode", - "collection": true, - "name": "Retry Limit Decision", + "type": "array", }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AND.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", }, - "length": 8, }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", + "type": "object", + }, + "logical": true, + "title": "AND", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", }, - "passwordExpiryTime": 5, }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-DynamicAccountCreation", - "description": "null", - "enabled": true, - "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Provision Dynamic Account", - "nodeType": "ProvisionDynamicAccountNode", - "x": 0, - "y": 0, - }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "connections": { - "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", - }, - "displayName": "Create Password", - "nodeType": "CreatePasswordNode", - "x": 0, - "y": 0, - }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", - }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, - }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "connections": { - "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", - }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 0, - "y": 0, - }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "connections": { - "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", - "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", - }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, + "logical": false, + "title": "AuthLevel", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "connections": { - "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", - }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 0, - "y": 0, + "applicationName": { + "type": "string", }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "connections": { - "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "authScheme": { + "items": { + "type": "string", }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 0, - "y": 0, + "type": "array", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "AuthScheme", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/HmacOneTimePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` { - "meta": Any, - "trees": { - "HmacOneTimePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", + "conditionTypes": { + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", }, - "length": 8, }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", + "type": "object", + }, + "logical": false, + "title": "AuthenticateToRealm", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", }, - "passwordExpiryTime": 5, }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + "type": "object", + }, + "logical": false, + "title": "AuthenticateToService", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv4.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + "type": "array", }, - }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", }, }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "_id": "98f13708-2101-34c4-b568-7be6106a3b84", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "type": "object", + }, + "logical": false, + "title": "IPv4", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv6.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", + "type": "array", }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + "endIp": { + "type": "string", }, - "emailSubject": { - "en": "Your One Time Password", + "startIp": { + "type": "string", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", + "type": "object", + }, + "logical": false, + "title": "IPv6", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", }, }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "HmacOneTimePassword", - "description": "null", - "enabled": true, - "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "connections": { - "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", - }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 0, - "y": 0, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 0, - "y": 0, - }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "connections": { - "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, - }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "connections": { - "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 0, - "y": 0, - }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "connections": { - "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, + "logical": false, + "title": "LDAPFilter", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "LEAuthLevel", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PersistentCookie.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/NOT.conditionTypes.json 1`] = ` { - "meta": Any, - "trees": { - "PersistentCookie": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", + "conditionTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", }, }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "SetPersistentCookieNode", - "collection": true, - "name": "Set Persistent Cookie", + "type": "array", }, - "hmacSigningKey": null, - "idleTimeout": 5, - "maxLife": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "PersistentCookieDecisionNode", - "collection": true, - "name": "Persistent Cookie Decision", + "type": "object", + }, + "logical": false, + "title": "OAuth2Scope", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OR.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", }, - "enforceClientIp": false, - "hmacSigningKey": null, - "idleTimeout": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + "type": "object", + }, + "logical": true, + "title": "OR", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Policy.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", }, - }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + "properties": { + "type": "object", }, }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PersistentCookie", - "description": "null", - "enabled": true, - "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "connections": { - "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "logical": false, + "title": "Policy", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string", }, - "displayName": "Set Persistent Cookie", - "nodeType": "SetPersistentCookieNode", - "x": 0, - "y": 0, + "type": "array", }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Persistent Cookie Decision", - "nodeType": "PersistentCookieDecisionNode", - "x": 0, - "y": 0, + }, + "type": "object", + }, + "logical": false, + "title": "ResourceEnvIP", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Script.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "connections": { - "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, + }, + "type": "object", + }, + "logical": false, + "title": "Script", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Session.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer", }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, + "terminateSession": { + "required": true, + "type": "boolean", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "Session", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformForgottenUsername.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` { - "meta": Any, - "trees": { - "PlatformForgottenUsername": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "d82c8d16-19ad-3176-9665-453cfb2e55f0": { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", + "conditionTypes": { + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, }, + "type": "object", }, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "InnerTreeEvaluatorNode", - "collection": true, - "name": "Inner Tree Evaluator", + "logical": false, + "title": "SessionProperty", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", }, - "tree": "PlatformLogin", - }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", + "endDay": { + "type": "string", }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + "endTime": { + "type": "string", }, - "emailTemplateName": "forgottenUsername", - "identityAttribute": "mail", - "objectLookup": true, - }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "_id": "a684ecee-e76f-3522-b732-86a895bc8436", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + "enforcementTimeZone": { + "type": "string", }, - "nodes": [ - { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": { - "en": "Enter your email address or Sign in", + "startDate": { + "type": "string", }, - "pageHeader": { - "en": "Forgotten Username", + "startDay": { + "type": "string", }, - "stage": "null", - }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", + "startTime": { + "type": "string", }, - "identityAttribute": "mail", }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformForgottenUsername", - "description": "Forgotten Username Tree", - "enabled": true, - "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, - }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "connections": { - "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "connections": { - "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "logical": false, + "title": "SimpleTime", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Transaction.conditionTypes.json 1`] = ` +{ + "conditionTypes": { + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "connections": { - "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, + "strategySpecifier": { + "type": "string", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "Transaction", }, }, + "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformLogin.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` +{ + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", + }, + }, + "meta": Any, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Agent.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformLogin": { + "Agent": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "642e92ef-b794-3173-8881-b53e1e1b18b6": { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, - "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, - }, - }, + "innerNodes": {}, "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "_id": "2838023a-778d-3aec-9c21-2708f721b788", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", - }, - "identityAttribute": "userName", - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", "_outcomes": [ { "displayName": "True", @@ -391124,62 +400573,32 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "InnerTreeEvaluatorNode", + "_id": "AgentDataStoreDecisionNode", "collection": true, - "name": "Inner Tree Evaluator", + "name": "Agent Data Store Decision", }, - "tree": "PlatformProgressiveProfile", }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", "_outcomes": [ { - "displayName": "True", + "displayName": "Has Credentials", "id": "true", }, { - "displayName": "False", + "displayName": "No Credentials", "id": "false", }, ], "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", + "_id": "ZeroPageLoginNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "New here? Create an account
Forgot username? Forgot password?", - }, - "pageHeader": { - "en": "Sign In", + "name": "Zero Page Login Collector", }, - "stage": "null", + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", }, }, "saml2Entities": {}, @@ -391187,48 +400606,30 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformLogin", - "description": "Platform Login Tree", + "_id": "Agent", + "description": "null", "enabled": true, - "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "connections": { - "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", - }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { "connections": { "false": "e301438c-0bd0-429c-ab0c-66126501069a", "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", "x": 0, "y": 0, }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { "connections": { "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "2838023a-778d-3aec-9c21-2708f721b788", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "connections": { - "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", "x": 0, "y": 0, }, @@ -391240,16 +400641,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformProgressiveProfile.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Example.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformProgressiveProfile": { + "Example": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", "_outcomes": [ { "displayName": "Outcome", @@ -391257,22 +400659,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AttributeCollectorNode", + "_id": "PasswordCollectorNode", "collection": true, - "name": "Attribute Collector", + "name": "Password Collector", }, - "attributesToCollect": [ - "preferences/updates", - "preferences/marketing", - ], - "identityAttribute": "userName", - "required": false, - "validateInputs": false, }, - }, - "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { - "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", "_outcomes": [ { "displayName": "True", @@ -391284,15 +400677,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "QueryFilterDecisionNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Query Filter Decision", + "name": "Data Store Decision", }, - "identityAttribute": "userName", - "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { - "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", "_outcomes": [ { "displayName": "Outcome", @@ -391300,65 +400691,32 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": {}, - "pageHeader": { - "en": "Please select your preferences", + "name": "Username Collector", }, - "stage": "null", }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { - "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", "_outcomes": [ { - "displayName": "True", + "displayName": "Has Credentials", "id": "true", }, { - "displayName": "False", + "displayName": "No Credentials", "id": "false", }, ], "_type": { - "_id": "LoginCountDecisionNode", - "collection": true, - "name": "Login Count Decision", - }, - "amount": 3, - "identityAttribute": "userName", - "interval": "AT", - }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { - "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", + "_id": "ZeroPageLoginNode", "collection": true, - "name": "Patch Object", + "name": "Zero Page Login Collector", }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", }, }, "saml2Entities": {}, @@ -391366,49 +400724,48 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformProgressiveProfile", - "description": "Prompt for missing preferences on 3rd login", + "_id": "Example", + "description": "null", "enabled": true, - "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", }, - "displayName": "Query Filter Decision", - "nodeType": "QueryFilterDecisionNode", + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", "x": 0, "y": 0, }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { "connections": { - "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", "x": 0, "y": 0, }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", }, - "displayName": "Login Count Decision", - "nodeType": "LoginCountDecisionNode", + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", "x": 0, "y": 0, }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", "x": 0, "y": 0, }, @@ -391420,70 +400777,62 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformRegistration.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformRegistration": { + "Facebook-ProvisionIDMAccount": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "givenName", - "sn", - "mail", - "preferences/marketing", - "preferences/updates", - ], - "identityAttribute": "userName", - "required": true, - "validateInputs": true, - }, - "1c383cd3-0b7c-398a-b502-93adfecb7b18": { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "No account exists", + "id": "NO_ACCOUNT", }, ], "_type": { - "_id": "ValidatedPasswordNode", + "_id": "SocialFacebookNode", "collection": true, - "name": "Platform Password", + "name": "Social Facebook", }, - "passwordAttribute": "password", - "validateInput": true, - }, - "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", ], - "_type": { - "_id": "AcceptTermsAndConditionsNode", - "collection": true, - "name": "Accept Terms and Conditions", + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", }, - "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", "_outcomes": [ { "displayName": "Outcome", @@ -391491,35 +400840,63 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "KbaCreateNode", + "_id": "ProvisionIdmAccountNode", "collection": true, - "name": "KBA Definition", - }, - "allowUserDefinedQuestions": true, - "message": { - "en": "Select a security question", + "name": "Provision IDM Account", }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", }, - "e369853d-f766-3a44-a1ed-0ff613f563bd": { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + "x": 0, + "y": 0, + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + "x": 0, + "y": 0, }, - "usernameAttribute": "userName", - "validateInput": true, }, + "uiConfig": {}, }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-AnonymousUser.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", "_outcomes": [ { "displayName": "Outcome", @@ -391527,33 +400904,59 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "IncrementLoginCountNode", + "_id": "SetSuccessUrlNode", "collection": true, - "name": "Increment Login Count", + "name": "Success URL", }, - "identityAttribute": "userName", + "successUrl": "https://www.forgerock.com/", }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", "_outcomes": [ { - "displayName": "Created", - "id": "CREATED", + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", }, { - "displayName": "Failed", - "id": "FAILURE", + "displayName": "No account exists", + "id": "NO_ACCOUNT", }, ], "_type": { - "_id": "CreateObjectNode", + "_id": "SocialGoogleNode", "collection": true, - "name": "Create Object", + "name": "Social Google", }, - "identityResource": "managed/user", + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", "_outcomes": [ { "displayName": "Outcome", @@ -391561,44 +400964,11 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", + "_id": "AnonymousUserNode", "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "displayName": "KBA Definition", - "nodeType": "KbaCreateNode", - }, - { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "displayName": "Accept Terms and Conditions", - "nodeType": "AcceptTermsAndConditionsNode", - }, - ], - "pageDescription": { - "en": "Signing up is fast and easy.
Already have an account?Sign In", - }, - "pageHeader": { - "en": "Sign Up", + "name": "Anonymous User Mapping", }, - "stage": "null", + "anonymousUserName": "anonymous", }, }, "saml2Entities": {}, @@ -391606,38 +400976,38 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformRegistration", - "description": "Platform Registration Tree", + "_id": "Google-AnonymousUser", + "description": "null", "enabled": true, - "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "1ff1de77-4005-38da-93f4-2943881c655f": { "connections": { "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", "x": 0, "y": 0, }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "4e732ced-3463-306d-a0ca-9a15b6153677": { "connections": { - "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", }, - "displayName": "Create Object", - "nodeType": "CreateObjectNode", + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", "x": 0, "y": 0, }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { "connections": { - "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", "x": 0, "y": 0, }, @@ -391649,16 +401019,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformResetPassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-DynamicAccountCreation.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformResetPassword": { + "Google-DynamicAccountCreation": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "44f683a8-4163-3352-bafe-57c2e008bc8c": { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", "_outcomes": [ { "displayName": "Outcome", @@ -391666,15 +401037,14 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedPasswordNode", + "_id": "ProvisionDynamicAccountNode", "collection": true, - "name": "Platform Password", + "name": "Provision Dynamic Account", }, - "passwordAttribute": "password", - "validateInput": true, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", }, - "66f041e1-6a60-328b-85a7-e228a89c3799": { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", "_outcomes": [ { "displayName": "Outcome", @@ -391682,97 +401052,107 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AttributeCollectorNode", + "_id": "CreatePasswordNode", "collection": true, - "name": "Attribute Collector", + "name": "Create Password", }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, + "minPasswordLength": 0, }, - }, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", }, ], "_type": { - "_id": "PageNode", + "_id": "SocialGoogleNode", "collection": true, - "name": "Page Node", + "name": "Social Google", }, - "nodes": [ - { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Change password", + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", }, - "pageHeader": { - "en": "Reset Password", + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", }, - "stage": "null", + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", "_outcomes": [ { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + "displayName": "Outcome", + "id": "outcome", }, ], "_type": { - "_id": "IdentifyExistingUserNode", + "_id": "OneTimePasswordSmtpSenderNode", "collection": true, - "name": "Identify Existing User", + "name": "OTP Email Sender", }, - "identifier": "userName", - "identityAttribute": "mail", + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "displayName": "Retry", + "id": "Retry", }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "displayName": "Reject", + "id": "Reject", }, ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Reset Password", + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", }, - "stage": "null", + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", "_outcomes": [ { "displayName": "Outcome", @@ -391780,39 +401160,30 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "EmailSuspendNode", + "_id": "OneTimePasswordGeneratorNode", "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + "name": "HOTP Generator", }, - "emailTemplateName": "resetPassword", - "identityAttribute": "mail", - "objectLookup": true, + "length": 8, }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", "_outcomes": [ { - "displayName": "Patched", - "id": "PATCHED", + "displayName": "True", + "id": "true", }, { - "displayName": "Failed", - "id": "FAILURE", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "PatchObjectNode", + "_id": "OneTimePasswordCollectorDecisionNode", "collection": true, - "name": "Patch Object", + "name": "OTP Collector Decision", }, - "identityAttribute": "mail", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, + "passwordExpiryTime": 5, }, }, "saml2Entities": {}, @@ -391820,57 +401191,76 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformResetPassword", - "description": "Reset Password Tree", + "_id": "Google-DynamicAccountCreation", + "description": "null", "enabled": true, - "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { "connections": { - "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Provision Dynamic Account", + "nodeType": "ProvisionDynamicAccountNode", "x": 0, "y": 0, }, - "072b030b-a126-32f4-b237-4f342be9ed44": { + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { "connections": { - "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", "x": 0, "y": 0, }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "33e75ff0-9dd6-31bb-a69f-351039152189": { "connections": { - "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", "x": 0, "y": 0, }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "34173cb3-8f07-389d-9beb-c2ac9128303f": { "connections": { - "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", "x": 0, "y": 0, }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + "x": 0, + "y": 0, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", "x": 0, "y": 0, }, @@ -391882,32 +401272,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/PlatformUpdatePassword.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/HmacOneTimePassword.journey.json 1`] = ` { "meta": Any, "trees": { - "PlatformUpdatePassword": { + "HmacOneTimePassword": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": { - "735b90b4-5681-35ed-ac3f-678819b6e058": { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, - "7cbbc409-ec99-3f19-878c-75bd1e06f215": { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", "_outcomes": [ { "displayName": "Outcome", @@ -391915,17 +401290,14 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "ValidatedPasswordNode", + "_id": "OneTimePasswordGeneratorNode", "collection": true, - "name": "Platform Password", + "name": "HOTP Generator", }, - "passwordAttribute": "password", - "validateInput": true, + "length": 8, }, - }, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", "_outcomes": [ { "displayName": "True", @@ -391937,13 +401309,14 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "OneTimePasswordCollectorDecisionNode", "collection": true, - "name": "Data Store Decision", + "name": "OTP Collector Decision", }, + "passwordExpiryTime": 5, }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", "_outcomes": [ { "displayName": "True", @@ -391955,36 +401328,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AttributePresentDecisionNode", - "collection": true, - "name": "Attribute Present Decision", - }, - "identityAttribute": "userName", - "presentAttribute": "password", - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + "name": "Data Store Decision", }, - "emailTemplateName": "updatePassword", - "identityAttribute": "userName", - "objectLookup": true, }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", "_outcomes": [ { "displayName": "Outcome", @@ -391992,51 +401342,13 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter current password", - }, - "pageHeader": { - "en": "Verify Existing Password", - }, - "stage": "null", - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", + "_id": "PasswordCollectorNode", "collection": true, - "name": "Patch Object", + "name": "Password Collector", }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [ - "userName", - ], - "patchAsObject": true, }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", "_outcomes": [ { "displayName": "Outcome", @@ -392044,27 +401356,27 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PageNode", + "_id": "OneTimePasswordSmtpSenderNode", "collection": true, - "name": "Page Node", + "name": "OTP Email Sender", }, - "nodes": [ - { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter new password", + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", }, - "pageHeader": { - "en": "Update Password", + "emailSubject": { + "en": "Your One Time Password", }, - "stage": "null", + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", "_outcomes": [ { "displayName": "Outcome", @@ -392072,12 +401384,10 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "SessionDataNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "Get Session Data", + "name": "Username Collector", }, - "sessionDataKey": "UserToken", - "sharedStateKey": "userName", }, }, "saml2Entities": {}, @@ -392085,76 +401395,66 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "PlatformUpdatePassword", - "description": "Update password using active session", + "_id": "HmacOneTimePassword", + "description": "null", "enabled": true, - "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { "connections": { - "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", }, - "displayName": "Attribute Present Decision", - "nodeType": "AttributePresentDecisionNode", + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", "x": 0, "y": 0, }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { "connections": { - "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", "x": 0, "y": 0, }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { "connections": { - "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", "x": 0, "y": 0, }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "70efdf2e-c9b0-3607-9795-c442636b55fb": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", "x": 0, "y": 0, }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "98f13708-2101-34c4-b568-7be6106a3b84": { "connections": { - "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", }, - "displayName": "Page Node", - "nodeType": "PageNode", + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", "x": 0, "y": 0, }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { "connections": { - "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", }, - "displayName": "Get Session Data", - "nodeType": "SessionDataNode", + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", "x": 0, "y": 0, }, @@ -392166,17 +401466,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/journey/RetryLimit.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PersistentCookie.journey.json 1`] = ` { "meta": Any, "trees": { - "RetryLimit": { + "PersistentCookie": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": {}, "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", "_outcomes": [ { "displayName": "Outcome", @@ -392189,28 +401489,52 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "name": "Username Collector", }, }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", "_outcomes": [ { - "displayName": "Retry", - "id": "Retry", + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", + }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + "_outcomes": [ + { + "displayName": "True", + "id": "true", }, { - "displayName": "Reject", - "id": "Reject", + "displayName": "False", + "id": "false", }, ], "_type": { - "_id": "RetryLimitDecisionNode", + "_id": "PersistentCookieDecisionNode", "collection": true, - "name": "Retry Limit Decision", + "name": "Persistent Cookie Decision", }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", "_outcomes": [ { "displayName": "Outcome", @@ -392223,8 +401547,8 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "name": "Password Collector", }, }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", "_outcomes": [ { "displayName": "True", @@ -392241,1998 +401565,1122 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "name": "Data Store Decision", }, }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AccountLockoutNode", - "collection": true, - "name": "Account Lockout", - }, - "lockAction": "LOCK", - }, }, "saml2Entities": {}, "scripts": {}, "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "RetryLimit", + "_id": "PersistentCookie", "description": "null", "enabled": true, - "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { "connections": { - "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", }, "displayName": "User Name Collector", "nodeType": "UsernameCollectorNode", "x": 0, "y": 0, }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "connections": { - "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", - "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, - }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { "connections": { - "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", "x": 0, "y": 0, }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "aab32389-22bc-325a-af60-6eb525ffdc56": { "connections": { - "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", "x": 0, "y": 0, }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { "connections": { - "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", }, - "displayName": "Account Lockout", - "nodeType": "AccountLockoutNode", + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", "x": 0, "y": 0, }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/policyset/oauth2Scopes.policyset.json 1`] = ` -{ - "meta": Any, - "policyset": { - "oauth2Scopes": { - "applicationType": "iPlanetAMWebAgentService", - "attributeNames": [], - "conditions": [ - "Script", - "AMIdentityMembership", - "IPv6", - "SimpleTime", - "IPv4", - "LEAuthLevel", - "LDAPFilter", - "AuthScheme", - "Session", - "AND", - "AuthenticateToRealm", - "ResourceEnvIP", - "SessionProperty", - "OAuth2Scope", - "OR", - "Transaction", - "NOT", - "AuthLevel", - "AuthenticateToService", - ], - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1578580064992, - "description": "The built-in Application used by the OAuth2 scope authorization process.", - "displayName": "Default OAuth2 Scopes Policy Set", - "editable": true, - "entitlementCombiner": "DenyOverride", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509788713, - "name": "oauth2Scopes", - "resourceComparator": null, - "resourceTypeUuids": [ - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - ], - "saveIndex": null, - "searchIndex": null, - "subjects": [ - "AuthenticatedUsers", - "NOT", - "Identity", - "OR", - "AND", - "NONE", - "JwtClaim", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { - "actions": { - "GRANT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030586, - "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509788670, - "name": "OAuth2 Scope", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - "*", - ], - "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/resourcetype/URL.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030487, - "description": "The built-in URL Resource Type available to OpenAM Policies.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509788692, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-keystore.secretstore.json 1`] = ` -{ - "meta": Any, - "secretstore": { - "default-keystore": { - "_id": "default-keystore", - "_type": { - "_id": "KeyStoreSecretStore", - "collection": true, - "name": "Keystore", - }, - "file": "/home/prestonhales/am/security/keystores/keystore.jceks", - "keyEntryPassword": "entrypass", - "leaseExpiryDuration": 5, - "mappings": [], - "providerName": "SunJCE", - "storePassword": "storepass", - "storetype": "JCEKS", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/secretstore/default-passwords-store.secretstore.json 1`] = ` -{ - "meta": Any, - "secretstore": { - "default-passwords-store": { - "_id": "default-passwords-store", - "_type": { - "_id": "FileSystemSecretStore", - "collection": true, - "name": "File System Secret Volumes", - }, - "directory": "/home/prestonhales/am/security/secrets/encrypted", - "format": "ENCRYPTED_PLAIN", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/SocialIdentityProviders.service.json 1`] = ` -{ - "meta": Any, - "service": { - "SocialIdentityProviders": { - "_id": "", - "_type": { - "_id": "SocialIdentityProviders", - "collection": false, - "name": "Social Identity Provider Service", - }, - "enabled": true, - "location": "/first", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/id-repositories.service.json 1`] = ` -{ - "meta": Any, - "service": { - "id-repositories": { - "_id": "", - "_type": { - "_id": "id-repositories", - "collection": false, - "name": "sunIdentityRepositoryService", - }, - "location": "/first", - "nextDescendents": [ - { - "_id": "embedded", - "_type": { - "_id": "LDAPv3ForOpenDS", - "collection": true, - "name": "OpenDJ", - }, - "authentication": { - "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", - }, - "cachecontrol": { - "sun-idrepo-ldapv3-dncache-enabled": true, - "sun-idrepo-ldapv3-dncache-size": 1500, - }, - "errorhandling": { - "com.iplanet.am.ldap.connection.delay.between.retries": 1000, - }, - "groupconfig": { - "sun-idrepo-ldapv3-config-group-attributes": [ - "dn", - "cn", - "uniqueMember", - "objectclass", - ], - "sun-idrepo-ldapv3-config-group-container-name": "ou", - "sun-idrepo-ldapv3-config-group-container-value": "groups", - "sun-idrepo-ldapv3-config-group-objectclass": [ - "top", - "groupofuniquenames", - ], - "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", - "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", - "sun-idrepo-ldapv3-config-memberurl": "memberUrl", - "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", - }, - "ldapsettings": { - "openam-idrepo-ldapv3-affinity-level": "all", - "openam-idrepo-ldapv3-behera-support-enabled": true, - "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, - "openam-idrepo-ldapv3-heartbeat-interval": 10, - "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", - "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", - "openam-idrepo-ldapv3-mtls-enabled": false, - "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, - "openam-idrepo-ldapv3-proxied-auth-enabled": false, - "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", - "sun-idrepo-ldapv3-config-authpw": null, - "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", - "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, - "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, - "sun-idrepo-ldapv3-config-ldap-server": [ - "localhost:50636", - "localhost:50636|01", - ], - "sun-idrepo-ldapv3-config-max-result": 1000, - "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", - "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-time-limit": 10, - "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, - }, - "persistentsearch": { - "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", - "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", - }, - "pluginconfig": { - "sunIdRepoAttributeMapping": [], - "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", - "sunIdRepoSupportedOperations": [ - "realm=read,create,edit,delete,service", - "user=read,create,edit,delete,service", - "group=read,create,edit,delete", - ], - }, - "userconfig": { - "sun-idrepo-ldapv3-config-active": "Active", - "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ - "kbaInfoAttempts", - ], - "sun-idrepo-ldapv3-config-auth-kba-attr": [ - "kbaInfo", - ], - "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", - "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ - "cn", - "sn", - ], - "sun-idrepo-ldapv3-config-inactive": "Inactive", - "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", - "sun-idrepo-ldapv3-config-people-container-name": "ou", - "sun-idrepo-ldapv3-config-people-container-value": "people", - "sun-idrepo-ldapv3-config-user-attributes": [ - "iplanet-am-auth-configuration", - "iplanet-am-user-alias-list", - "iplanet-am-user-password-reset-question-answer", - "mail", - "assignedDashboard", - "authorityRevocationList", - "dn", - "iplanet-am-user-password-reset-options", - "employeeNumber", - "createTimestamp", - "kbaActiveIndex", - "caCertificate", - "iplanet-am-session-quota-limit", - "iplanet-am-user-auth-config", - "sun-fm-saml2-nameid-infokey", - "sunIdentityMSISDNNumber", - "iplanet-am-user-password-reset-force-reset", - "sunAMAuthInvalidAttemptsData", - "devicePrintProfiles", - "givenName", - "iplanet-am-session-get-valid-sessions", - "objectClass", - "adminRole", - "inetUserHttpURL", - "lastEmailSent", - "iplanet-am-user-account-life", - "postalAddress", - "userCertificate", - "preferredtimezone", - "iplanet-am-user-admin-start-dn", - "boundDevices", - "oath2faEnabled", - "preferredlanguage", - "sun-fm-saml2-nameid-info", - "userPassword", - "iplanet-am-session-service-status", - "telephoneNumber", - "iplanet-am-session-max-idle-time", - "distinguishedName", - "iplanet-am-session-destroy-sessions", - "kbaInfoAttempts", - "modifyTimestamp", - "uid", - "iplanet-am-user-success-url", - "iplanet-am-user-auth-modules", - "kbaInfo", - "memberOf", - "sn", - "preferredLocale", - "manager", - "iplanet-am-session-max-session-time", - "deviceProfiles", - "cn", - "oathDeviceProfiles", - "webauthnDeviceProfiles", - "iplanet-am-user-login-status", - "pushDeviceProfiles", - "push2faEnabled", - "inetUserStatus", - "retryLimitNodeCount", - "iplanet-am-user-failure-url", - "iplanet-am-session-max-caching-time", - ], - "sun-idrepo-ldapv3-config-user-objectclass": [ - "iplanet-am-managed-person", - "inetuser", - "sunFMSAML2NameIdentifier", - "inetorgperson", - "devicePrintProfilesContainer", - "boundDevicesContainer", - "iplanet-am-user-service", - "iPlanetPreferences", - "pushDeviceProfilesContainer", - "forgerock-am-dashboard-service", - "organizationalperson", - "top", - "kbaInfoContainer", - "person", - "sunAMAuthAccountLockout", - "oathDeviceProfilesContainer", - "webauthnDeviceProfilesContainer", - "iplanet-am-auth-configuration-service", - "deviceProfilesContainer", - ], - "sun-idrepo-ldapv3-config-users-search-attribute": "uid", - "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", - }, - }, - ], - "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", - "sunIdRepoAttributeValidator": [ - "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", - "minimumPasswordLength=8", - "usernameInvalidChars=*|(|)|&|!", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/oauth-oidc.service.json 1`] = ` -{ - "meta": Any, - "service": { - "oauth-oidc": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": false, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:token-exchange", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "changeme", - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "[Empty]", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - ], - "supportedScopes": [], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], - }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": false, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, - }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], - }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", - ], - }, - "consent": { - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": false, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, - }, - "location": "/first", - "nextDescendents": [], - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/service/policyconfiguration.service.json 1`] = ` -{ - "meta": Any, - "service": { - "policyconfiguration": { - "_id": "", - "_type": { - "_id": "policyconfiguration", - "collection": false, - "name": "Policy Configuration", - }, - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "checkIfResourceTypeExists": true, - "connectionPoolMaximumSize": 10, - "connectionPoolMinimumSize": 1, - "ldapServer": [ - "localhost:50636", - ], - "location": "/first", - "maximumSearchResults": 100, - "mtlsEnabled": false, - "nextDescendents": [], - "policyHeartbeatInterval": 10, - "policyHeartbeatTimeUnit": "SECONDS", - "realmSearchFilter": "(objectclass=sunismanagedorganization)", - "searchTimeout": 5, - "sslEnabled": true, - "subjectsResultTTL": 10, - "userAliasEnabled": false, - "usersBaseDn": "dc=openam,dc=forgerock,dc=org", - "usersSearchAttribute": "uid", - "usersSearchFilter": "(objectclass=inetorgperson)", - "usersSearchScope": "SCOPE_SUB", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectAttributes/undefined.subjectAttributes.json 1`] = ` -{ - "meta": Any, - "subjectAttributes": { - "undefined": "iplanet-am-user-login-status", - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AND.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "subjects": { - "type": "array", + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, }, }, - "type": "object", - }, - "logical": true, - "title": "AND", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AuthenticatedUsers": { - "_id": "AuthenticatedUsers", - "config": { - "properties": {}, - "type": "object", + "uiConfig": {}, }, - "logical": false, - "title": "AuthenticatedUsers", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Identity.subjectTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformForgottenUsername.journey.json 1`] = ` { "meta": Any, - "subjectTypes": { - "Identity": { - "_id": "Identity", - "config": { - "properties": { - "subjectValues": { - "items": { - "type": "string", + "trees": { + "PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, }, - "type": "object", }, - "logical": false, - "title": "Identity", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "JwtClaim": { - "_id": "JwtClaim", - "config": { - "properties": { - "claimName": { - "type": "string", + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", }, - "claimValue": { - "type": "string", + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, }, - "type": "object", - }, - "logical": false, - "title": "JwtClaim", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NONE.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NONE": { - "_id": "NONE", - "config": { - "properties": {}, - "type": "object", - }, - "logical": false, - "title": "NONE", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/NOT.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "subject": { - "properties": {}, - "type": "object", + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", }, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", }, - "type": "object", - }, - "logical": true, - "title": "NOT", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/OR.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "subjects": { - "type": "array", + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", }, + "identityAttribute": "mail", }, - "type": "object", }, - "logical": true, - "title": "OR", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/subjectTypes/Policy.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, }, - "name": { - "type": "string", + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, }, - "values": { - "items": { - "type": "string", + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", }, - "type": "array", + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, }, }, - "type": "object", - }, - "logical": false, - "title": "Policy", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/webhookService/webhooks.webhookService.json 1`] = ` -{ - "meta": Any, - "webhookService": { - "webhooks": { - "_id": "webhooks", - "_type": { - "_id": "webhooks", - "collection": true, - "name": "Webhook Service", - }, - "headers": { - "accept": "*/*", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first/wsEntity/ws.wsEntity.json 1`] = ` -{ - "meta": Any, - "wsEntity": { - "ws": { - "_id": "ws", - "_type": { - "_id": "ws", - "collection": true, - "name": "Entity Descriptor ", - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "iPlanetAMWebAgentService": { - "_id": "iPlanetAMWebAgentService", - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "iPlanetAMWebAgentService", - "resourceComparator": "com.sun.identity.entitlement.URLResourceName", - "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", - "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/sunAMDelegationService.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "sunAMDelegationService": { - "_id": "sunAMDelegationService", - "actions": { - "DELEGATE": true, - "MODIFY": true, - "READ": true, + "uiConfig": {}, }, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "sunAMDelegationService", - "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", - "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", - "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/applicationTypes/umaApplicationType.applicationTypes.json 1`] = ` -{ - "applicationTypes": { - "umaApplicationType": { - "_id": "umaApplicationType", - "actions": {}, - "applicationClassName": "com.sun.identity.entitlement.Application", - "name": "umaApplicationType", - "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", - "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", - "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authentication/root-first-second.authentication.settings.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformLogin.journey.json 1`] = ` { - "authentication": { - "_id": "", - "_type": { - "_id": "EMPTY", - "collection": false, - "name": "Core", - }, - "accountlockout": { - "lockoutDuration": 0, - "lockoutDurationMultiplier": 1, - "lockoutWarnUserCount": 0, - "loginFailureCount": 5, - "loginFailureDuration": 300, - "loginFailureLockoutMode": false, - "storeInvalidAttemptsInDataStore": true, - }, - "core": { - "adminAuthModule": "ldapService", - "orgConfig": "ldapService", - }, - "general": { - "defaultAuthLevel": 0, - "identityType": [ - "agent", - "user", - ], - "locale": "en_US", - "statelessSessionsEnabled": true, - "twoFactorRequired": false, - "userStatusCallbackPlugins": [], - }, - "postauthprocess": { - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [ - "/am/console", - ], - "userAttributeSessionMapping": [], - "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", - "usernameGeneratorEnabled": true, - }, - "security": { - "addClearSiteDataHeader": true, - "moduleBasedAuthEnabled": true, - "sharedSecret": null, - "zeroPageLoginAllowedWithoutReferrer": true, - "zeroPageLoginEnabled": false, - "zeroPageLoginReferrerWhiteList": [], - }, - "trees": { - "authenticationSessionsMaxDuration": 5, - "authenticationSessionsStateManagement": "JWT", - "authenticationSessionsWhitelist": false, - "authenticationTreeCookieHttpOnly": true, - "suspendedAuthenticationTimeout": 5, - }, - "userprofile": { - "aliasAttributeName": [ - "uid", - ], - "defaultRole": [], - "dynamicProfileCreation": "false", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/amsterService.authenticationChains.json 1`] = ` -{ - "authenticationChains": { - "amsterService": { - "_id": "amsterService", - "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", - }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "Amster", - "options": {}, + "trees": { + "PlatformLogin": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, }, - ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationChains/ldapService.authenticationChains.json 1`] = ` -{ - "authenticationChains": { - "ldapService": { - "_id": "ldapService", - "_type": { - "_id": "EMPTY", - "collection": true, - "name": "Authentication Configuration", - }, - "authChainConfiguration": [ - { - "criteria": "REQUIRED", - "module": "DataStore", - "options": {}, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, }, - ], - "loginFailureUrl": [], - "loginPostProcessClass": [], - "loginSuccessUrl": [], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/amster.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "amster": { - "_id": "amster", - "_type": { - "_id": "amster", - "collection": true, - "name": "ForgeRock Amster", - }, - "authenticationLevel": 0, - "authorizedKeys": "/home/prestonhales/am/security/keys/amster/authorized_keys", - "enabled": true, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/datastore.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "datastore": { - "_id": "datastore", - "_type": { - "_id": "datastore", - "collection": true, - "name": "Data Store", - }, - "authenticationLevel": 0, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/federation.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "federation": { - "_id": "federation", - "_type": { - "_id": "federation", - "collection": true, - "name": "Federation", - }, - "authenticationLevel": 0, - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/hotp.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "hotp": { - "_id": "hotp", - "_type": { - "_id": "hotp", - "collection": true, - "name": "HOTP", }, - "authenticationLevel": 0, - "autoSendOTP": false, - "otpDeliveryMethod": "SMS and E-mail", - "otpLength": "8", - "otpMaxRetry": 3, - "otpValidityDuration": 5, - "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "smtpFromAddress": "no-reply@openam.org", - "smtpHostPort": 465, - "smtpHostname": "smtp.gmail.com", - "smtpSslEnabled": "SSL", - "smtpUserPassword": null, - "smtpUsername": "opensso.sun", - "userProfileEmailAttribute": "mail", - "userProfileTelephoneAttribute": "telephoneNumber", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/ldap.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "ldap": { - "_id": "ldap", - "_type": { - "_id": "ldap", - "collection": true, - "name": "LDAP", + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformProgressiveProfile", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", + }, }, - "authenticationLevel": 0, - "beheraPasswordPolicySupportEnabled": true, - "connectionHeartbeatInterval": 10, - "connectionHeartbeatTimeUnit": "SECONDS", - "minimumPasswordLength": "8", - "openam-auth-ldap-connection-mode": "LDAPS", - "operationTimeout": 0, - "primaryLdapServer": [ - "localhost:50636", - ], - "profileAttributeMappings": [], - "returnUserDN": true, - "searchScope": "SUBTREE", - "secondaryLdapServer": [], - "stopLdapbindAfterInmemoryLockedEnabled": false, - "trustAllServerCertificates": false, - "userBindDN": "cn=Directory Manager", - "userBindPassword": null, - "userProfileRetrievalAttribute": "uid", - "userSearchAttributes": [ - "uid", - ], - "userSearchStartDN": [ - "dc=openam,dc=forgerock,dc=org", - ], - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/oath.authenticationModules.json 1`] = ` -{ - "authenticationModules": { - "oath": { - "_id": "oath", - "_type": { - "_id": "oath", - "collection": true, - "name": "OATH", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformLogin", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0, + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, }, - "addChecksum": "False", - "authenticationLevel": 0, - "forgerock-oath-maximum-clock-drift": 0, - "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", - "hotpWindowSize": 100, - "minimumSecretKeyLength": "32", - "oathAlgorithm": "HOTP", - "oathOtpMaxRetry": 3, - "passwordLength": "6", - "stepsInWindow": 2, - "timeStepSize": 30, - "truncationOffset": -1, }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/authenticationModules/sae.authenticationModules.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformProgressiveProfile.journey.json 1`] = ` { - "authenticationModules": { - "sae": { - "_id": "sae", - "_type": { - "_id": "sae", - "collection": true, - "name": "SAE", - }, - "authenticationLevel": 0, - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AMIdentityMembership.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AMIdentityMembership": { - "_id": "AMIdentityMembership", - "config": { - "properties": { - "amIdentityName": { - "items": { - "type": "string", + "trees": { + "PlatformProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, }, - "type": "object", }, - "logical": false, - "title": "AMIdentityMembership", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AND.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "conditions": { - "type": "array", + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision", }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", }, - "type": "object", - }, - "logical": true, - "title": "AND", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthLevel.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthLevel": { - "_id": "AuthLevel", - "config": { - "properties": { - "authLevel": { - "type": "integer", + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", }, + "stage": "null", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision", + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, }, - "type": "object", }, - "logical": false, - "title": "AuthLevel", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthScheme.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthScheme": { - "_id": "AuthScheme", - "config": { - "properties": { - "applicationIdleTimeout": { - "type": "integer", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + "x": 0, + "y": 0, }, - "applicationName": { - "type": "string", + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, }, - "authScheme": { - "items": { - "type": "string", + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", }, - "type": "array", + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + "x": 0, + "y": 0, }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthScheme", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToRealm.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "AuthenticateToRealm": { - "_id": "AuthenticateToRealm", - "config": { - "properties": { - "authenticateToRealm": { - "type": "string", + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, }, }, - "type": "object", + "uiConfig": {}, }, - "logical": false, - "title": "AuthenticateToRealm", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/AuthenticateToService.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformRegistration.journey.json 1`] = ` { - "conditionTypes": { - "AuthenticateToService": { - "_id": "AuthenticateToService", - "config": { - "properties": { - "authenticateToService": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "AuthenticateToService", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv4.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "IPv4": { - "_id": "IPv4", - "config": { - "properties": { - "dnsName": { - "items": { - "type": "string", + "trees": { + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", - }, - "endIp": { - "type": "string", + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", }, - "startIp": { - "type": "string", + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", }, + "passwordAttribute": "password", + "validateInput": true, }, - "type": "object", - }, - "logical": false, - "title": "IPv4", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/IPv6.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "IPv6": { - "_id": "IPv6", - "config": { - "properties": { - "dnsName": { - "items": { - "type": "string", + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", }, - "endIp": { - "type": "string", + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", }, - "startIp": { - "type": "string", + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", }, }, - "type": "object", - }, - "logical": false, - "title": "IPv6", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LDAPFilter.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "LDAPFilter": { - "_id": "LDAPFilter", - "config": { - "properties": { - "ldapFilter": { - "type": "string", + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", }, + "usernameAttribute": "userName", + "validateInput": true, }, - "type": "object", }, - "logical": false, - "title": "LDAPFilter", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/LEAuthLevel.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "LEAuthLevel": { - "_id": "LEAuthLevel", - "config": { - "properties": { - "authLevel": { - "type": "integer", + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", }, + "identityAttribute": "userName", }, - "type": "object", - }, - "logical": false, - "title": "LEAuthLevel", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/NOT.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "condition": { - "properties": {}, - "type": "object", + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", }, + "identityResource": "managed/user", }, - "type": "object", - }, - "logical": true, - "title": "NOT", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OAuth2Scope.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "OAuth2Scope": { - "_id": "OAuth2Scope", - "config": { - "properties": { - "requiredScopes": { - "items": { - "type": "string", + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", }, - "type": "array", + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, - }, - "type": "object", - }, - "logical": false, - "title": "OAuth2Scope", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/OR.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "conditions": { - "type": "array", + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", }, + "stage": "null", }, - "type": "object", }, - "logical": true, - "title": "OR", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Policy.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 0, + "y": 0, }, - "properties": { - "type": "object", + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + "x": 0, + "y": 0, }, - }, - "type": "object", - }, - "logical": false, - "title": "Policy", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/ResourceEnvIP.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "ResourceEnvIP": { - "_id": "ResourceEnvIP", - "config": { - "properties": { - "resourceEnvIPConditionValue": { - "items": { - "type": "string", + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", }, - "type": "array", + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, }, }, - "type": "object", + "uiConfig": {}, }, - "logical": false, - "title": "ResourceEnvIP", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Script.conditionTypes.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformResetPassword.journey.json 1`] = ` { - "conditionTypes": { - "Script": { - "_id": "Script", - "config": { - "properties": { - "scriptId": { - "type": "string", - }, - }, - "type": "object", - }, - "logical": false, - "title": "Script", - }, - }, "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Session.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "Session": { - "_id": "Session", - "config": { - "properties": { - "maxSessionTime": { - "type": "integer", + "trees": { + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", }, - "terminateSession": { - "required": true, - "type": "boolean", + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, }, - "type": "object", }, - "logical": false, - "title": "Session", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SessionProperty.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "SessionProperty": { - "_id": "SessionProperty", - "config": { - "properties": { - "ignoreValueCase": { - "required": true, - "type": "boolean", + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, - "properties": { - "type": "object", + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", }, + "stage": "null", }, - "type": "object", - }, - "logical": false, - "title": "SessionProperty", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/SimpleTime.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "SimpleTime": { - "_id": "SimpleTime", - "config": { - "properties": { - "endDate": { - "type": "string", + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", }, - "endDay": { - "type": "string", + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", }, - "endTime": { - "type": "string", + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", }, - "enforcementTimeZone": { - "type": "string", + "pageHeader": { + "en": "Reset Password", }, - "startDate": { - "type": "string", + "stage": "null", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", }, - "startDay": { - "type": "string", + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", }, - "startTime": { - "type": "string", + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, }, - "type": "object", }, - "logical": false, - "title": "SimpleTime", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/conditionTypes/Transaction.conditionTypes.json 1`] = ` -{ - "conditionTypes": { - "Transaction": { - "_id": "Transaction", - "config": { - "properties": { - "authenticationStrategy": { - "type": "string", + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, }, - "strategySpecifier": { - "type": "string", + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0, + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, }, }, - "type": "object", + "uiConfig": {}, }, - "logical": false, - "title": "Transaction", - }, - }, - "meta": Any, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/decisionCombiners/DenyOverride.decisionCombiners.json 1`] = ` -{ - "decisionCombiners": { - "DenyOverride": { - "_id": "DenyOverride", - "title": "DenyOverride", }, }, - "meta": Any, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Agent.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformUpdatePassword.journey.json 1`] = ` { "meta": Any, "trees": { - "Agent": { + "PlatformUpdatePassword": { "circlesOfTrust": {}, "emailTemplates": {}, - "innerNodes": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { - "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", "_outcomes": [ { "displayName": "True", @@ -394244,32 +402692,147 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "AgentDataStoreDecisionNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Agent Data Store Decision", + "name": "Data Store Decision", }, }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { - "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", "_outcomes": [ { - "displayName": "Has Credentials", + "displayName": "True", "id": "true", }, { - "displayName": "No Credentials", + "displayName": "False", "id": "false", }, ], "_type": { - "_id": "ZeroPageLoginNode", + "_id": "AttributePresentDecisionNode", "collection": true, - "name": "Zero Page Login Collector", + "name": "Attribute Present Decision", }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", }, }, "saml2Entities": {}, @@ -394277,30 +402840,76 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "Agent", - "description": "null", + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", "enabled": true, - "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "a87ff679-a2f3-371d-9181-a67b7542122c": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + "x": 0, + "y": 0, + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", }, - "displayName": "Agent Data Store Decision", - "nodeType": "AgentDataStoreDecisionNode", + "displayName": "Page Node", + "nodeType": "PageNode", "x": 0, "y": 0, }, - "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", "x": 0, "y": 0, }, @@ -394312,17 +402921,17 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Example.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/RetryLimit.journey.json 1`] = ` { "meta": Any, "trees": { - "Example": { + "RetryLimit": { "circlesOfTrust": {}, "emailTemplates": {}, "innerNodes": {}, "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { - "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", "_outcomes": [ { "displayName": "Outcome", @@ -394330,31 +402939,33 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "PasswordCollectorNode", + "_id": "UsernameCollectorNode", "collection": true, - "name": "Password Collector", + "name": "Username Collector", }, }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { - "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", "_outcomes": [ { - "displayName": "True", - "id": "true", + "displayName": "Retry", + "id": "Retry", }, { - "displayName": "False", - "id": "false", + "displayName": "Reject", + "id": "Reject", }, ], "_type": { - "_id": "DataStoreDecisionNode", + "_id": "RetryLimitDecisionNode", "collection": true, - "name": "Data Store Decision", + "name": "Retry Limit Decision", }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { - "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", "_outcomes": [ { "displayName": "Outcome", @@ -394362,32 +402973,43 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl }, ], "_type": { - "_id": "UsernameCollectorNode", + "_id": "PasswordCollectorNode", "collection": true, - "name": "Username Collector", + "name": "Password Collector", }, }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { - "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", "_outcomes": [ { - "displayName": "Has Credentials", + "displayName": "True", "id": "true", }, { - "displayName": "No Credentials", + "displayName": "False", "id": "false", }, ], "_type": { - "_id": "ZeroPageLoginNode", + "_id": "DataStoreDecisionNode", "collection": true, - "name": "Zero Page Login Collector", + "name": "Data Store Decision", }, - "allowWithoutReferer": true, - "passwordHeader": "X-OpenAM-Password", - "referrerWhiteList": [], - "usernameHeader": "X-OpenAM-Username", + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", }, }, "saml2Entities": {}, @@ -394395,25 +403017,44 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "socialIdentityProviders": {}, "themes": [], "tree": { - "_id": "Example", + "_id": "RetryLimit", "description": "null", "enabled": true, - "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", "identityResource": "null", "innerTreeOnly": false, "nodes": { - "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { "connections": { - "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", }, "displayName": "Password Collector", "nodeType": "PasswordCollectorNode", "x": 0, "y": 0, }, - "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, "displayName": "Data Store Decision", @@ -394421,3439 +403062,6957 @@ exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m cl "x": 0, "y": 0, }, - "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "d3d94468-02a4-3259-b55d-38e6d163e820": { "connections": { - "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", "x": 0, "y": 0, }, - "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + }, + "uiConfig": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Test-Tree.journey.json 1`] = ` +{ + "meta": Any, + "trees": { + "Test Tree": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "0254ab35-daea-40db-9a53-44fc06715e48": { + "_id": "0254ab35-daea-40db-9a53-44fc06715e48", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Test Tree", + "enabled": true, + "entryNodeId": "0254ab35-daea-40db-9a53-44fc06715e48", + "innerTreeOnly": false, + "nodes": { + "0254ab35-daea-40db-9a53-44fc06715e48": { "connections": { - "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", - "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", }, - "displayName": "Zero Page Login Collector", - "nodeType": "ZeroPageLoginNode", - "x": 0, - "y": 0, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 150, + "y": 20, + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 447, + "y": 49, + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 577, + "y": 71, + }, + "startNode": { + "x": 50, + "y": 25, + }, + }, + "uiConfig": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/policyset/oauth2Scopes.policyset.json 1`] = ` +{ + "meta": Any, + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790191, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` +{ + "meta": Any, + "resourcetype": { + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790156, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/URL.resourcetype.json 1`] = ` +{ + "meta": Any, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790171, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-keystore.secretstore.json 1`] = ` +{ + "meta": Any, + "secretstore": { + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", + }, + "file": "/home/prestonhales/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-passwords-store.secretstore.json 1`] = ` +{ + "meta": Any, + "secretstore": { + "default-passwords-store": { + "_id": "default-passwords-store", + "_type": { + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", + }, + "directory": "/home/prestonhales/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/SocialIdentityProviders.service.json 1`] = ` +{ + "meta": Any, + "service": { + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "enabled": true, + "location": "/first/second", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/id-repositories.service.json 1`] = ` +{ + "meta": Any, + "service": { + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "location": "/first/second", + "nextDescendents": [ + { + "_id": "embedded", + "_type": { + "_id": "LDAPv3ForOpenDS", + "collection": true, + "name": "OpenDJ", + }, + "authentication": { + "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", + }, + "cachecontrol": { + "sun-idrepo-ldapv3-dncache-enabled": true, + "sun-idrepo-ldapv3-dncache-size": 1500, + }, + "errorhandling": { + "com.iplanet.am.ldap.connection.delay.between.retries": 1000, + }, + "groupconfig": { + "sun-idrepo-ldapv3-config-group-attributes": [ + "dn", + "cn", + "uniqueMember", + "objectclass", + ], + "sun-idrepo-ldapv3-config-group-container-name": "ou", + "sun-idrepo-ldapv3-config-group-container-value": "groups", + "sun-idrepo-ldapv3-config-group-objectclass": [ + "top", + "groupofuniquenames", + ], + "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", + "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", + "sun-idrepo-ldapv3-config-memberurl": "memberUrl", + "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", + }, + "ldapsettings": { + "openam-idrepo-ldapv3-affinity-level": "all", + "openam-idrepo-ldapv3-behera-support-enabled": true, + "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, + "openam-idrepo-ldapv3-heartbeat-interval": 10, + "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", + "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", + "openam-idrepo-ldapv3-mtls-enabled": false, + "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, + "openam-idrepo-ldapv3-proxied-auth-enabled": false, + "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", + "sun-idrepo-ldapv3-config-authpw": null, + "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", + "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, + "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, + "sun-idrepo-ldapv3-config-ldap-server": [ + "localhost:50636", + "localhost:50636|01", + ], + "sun-idrepo-ldapv3-config-max-result": 1000, + "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", + "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-time-limit": 10, + "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + }, + "persistentsearch": { + "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", + "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + }, + "pluginconfig": { + "sunIdRepoAttributeMapping": [], + "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", + "sunIdRepoSupportedOperations": [ + "realm=read,create,edit,delete,service", + "user=read,create,edit,delete,service", + "group=read,create,edit,delete", + ], + }, + "userconfig": { + "sun-idrepo-ldapv3-config-active": "Active", + "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ + "kbaInfoAttempts", + ], + "sun-idrepo-ldapv3-config-auth-kba-attr": [ + "kbaInfo", + ], + "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", + "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ + "cn", + "sn", + ], + "sun-idrepo-ldapv3-config-inactive": "Inactive", + "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", + "sun-idrepo-ldapv3-config-people-container-name": "ou", + "sun-idrepo-ldapv3-config-people-container-value": "people", + "sun-idrepo-ldapv3-config-user-attributes": [ + "iplanet-am-auth-configuration", + "iplanet-am-user-alias-list", + "iplanet-am-user-password-reset-question-answer", + "mail", + "assignedDashboard", + "authorityRevocationList", + "dn", + "iplanet-am-user-password-reset-options", + "employeeNumber", + "createTimestamp", + "kbaActiveIndex", + "caCertificate", + "iplanet-am-session-quota-limit", + "iplanet-am-user-auth-config", + "sun-fm-saml2-nameid-infokey", + "sunIdentityMSISDNNumber", + "iplanet-am-user-password-reset-force-reset", + "sunAMAuthInvalidAttemptsData", + "devicePrintProfiles", + "givenName", + "iplanet-am-session-get-valid-sessions", + "objectClass", + "adminRole", + "inetUserHttpURL", + "lastEmailSent", + "iplanet-am-user-account-life", + "postalAddress", + "userCertificate", + "preferredtimezone", + "iplanet-am-user-admin-start-dn", + "boundDevices", + "oath2faEnabled", + "preferredlanguage", + "sun-fm-saml2-nameid-info", + "userPassword", + "iplanet-am-session-service-status", + "telephoneNumber", + "iplanet-am-session-max-idle-time", + "distinguishedName", + "iplanet-am-session-destroy-sessions", + "kbaInfoAttempts", + "modifyTimestamp", + "uid", + "iplanet-am-user-success-url", + "iplanet-am-user-auth-modules", + "kbaInfo", + "memberOf", + "sn", + "preferredLocale", + "manager", + "iplanet-am-session-max-session-time", + "deviceProfiles", + "cn", + "oathDeviceProfiles", + "webauthnDeviceProfiles", + "iplanet-am-user-login-status", + "pushDeviceProfiles", + "push2faEnabled", + "inetUserStatus", + "retryLimitNodeCount", + "iplanet-am-user-failure-url", + "iplanet-am-session-max-caching-time", + ], + "sun-idrepo-ldapv3-config-user-objectclass": [ + "iplanet-am-managed-person", + "inetuser", + "sunFMSAML2NameIdentifier", + "inetorgperson", + "devicePrintProfilesContainer", + "boundDevicesContainer", + "iplanet-am-user-service", + "iPlanetPreferences", + "pushDeviceProfilesContainer", + "forgerock-am-dashboard-service", + "organizationalperson", + "top", + "kbaInfoContainer", + "person", + "sunAMAuthAccountLockout", + "oathDeviceProfilesContainer", + "webauthnDeviceProfilesContainer", + "iplanet-am-auth-configuration-service", + "deviceProfilesContainer", + ], + "sun-idrepo-ldapv3-config-users-search-attribute": "uid", + "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + }, + }, + ], + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/oauth-oidc.service.json 1`] = ` +{ + "meta": Any, + "service": { + "oauth-oidc": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "location": "/first/second", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/policyconfiguration.service.json 1`] = ` +{ + "meta": Any, + "service": { + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "location": "/first/second", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectAttributes/undefined.subjectAttributes.json 1`] = ` +{ + "meta": Any, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AND.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "subjects": { + "type": "array", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": true, + "title": "AND", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` { "meta": Any, - "trees": { - "Facebook-ProvisionIDMAccount": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialFacebookNode", - "collection": true, - "name": "Social Facebook", - }, - "authenticationIdKey": "id", - "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", - "cfgAccountMapperConfiguration": { - "id": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "first_name": "givenName", - "id": "iplanet-am-user-alias-list", - "last_name": "sn", - "name": "cn", - }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "facebook", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "public_profile,email", - "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", - "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", - }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "subjectTypes": { + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "AuthenticatedUsers", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Identity.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "Identity": { + "_id": "Identity", + "config": { + "properties": { + "subjectValues": { + "items": { + "type": "string", }, - ], - "_type": { - "_id": "ProvisionIdmAccountNode", - "collection": true, - "name": "Provision IDM Account", + "type": "array", }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Facebook-ProvisionIDMAccount", - "description": "null", - "enabled": true, - "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", - }, - "displayName": "Facebook Social Authentication", - "nodeType": "SocialFacebookNode", - "x": 0, - "y": 0, + "logical": false, + "title": "Identity", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "JwtClaim": { + "_id": "JwtClaim", + "config": { + "properties": { + "claimName": { + "type": "string", }, - "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Provision IDM Account", - "nodeType": "ProvisionIdmAccountNode", - "x": 0, - "y": 0, + "claimValue": { + "type": "string", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "JwtClaim", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-AnonymousUser.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NONE.subjectTypes.json 1`] = ` { "meta": Any, - "trees": { - "Google-AnonymousUser": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "_id": "1ff1de77-4005-38da-93f4-2943881c655f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SetSuccessUrlNode", - "collection": true, - "name": "Success URL", - }, - "successUrl": "https://www.forgerock.com/", - }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", - }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", - }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", + "subjectTypes": { + "NONE": { + "_id": "NONE", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "NONE", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NOT.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "subject": { + "properties": {}, + "type": "object", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AnonymousUserNode", - "collection": true, - "name": "Anonymous User Mapping", + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/OR.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "subjects": { + "type": "array", }, - "anonymousUserName": "anonymous", }, + "type": "object", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-AnonymousUser", - "description": "null", - "enabled": true, - "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1ff1de77-4005-38da-93f4-2943881c655f": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Set Success URL", - "nodeType": "SetSuccessUrlNode", - "x": 0, - "y": 0, + "logical": true, + "title": "OR", + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Policy.subjectTypes.json 1`] = ` +{ + "meta": Any, + "subjectTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", }, - "4e732ced-3463-306d-a0ca-9a15b6153677": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", - }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, + "name": { + "type": "string", }, - "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { - "connections": { - "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + "values": { + "items": { + "type": "string", }, - "displayName": "Map to Anonymous User", - "nodeType": "AnonymousUserNode", - "x": 0, - "y": 0, + "type": "array", }, }, - "uiConfig": {}, + "type": "object", }, + "logical": false, + "title": "Policy", }, }, } `; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Google-DynamicAccountCreation.journey.json 1`] = ` +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/webhookService/webhooks.webhookService.json 1`] = ` { "meta": Any, - "trees": { - "Google-DynamicAccountCreation": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ProvisionDynamicAccountNode", - "collection": true, - "name": "Provision Dynamic Account", - }, - "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "webhookService": { + "webhooks": { + "_id": "webhooks", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "headers": { + "accept": "*/*", + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/wsEntity/ws.wsEntity.json 1`] = ` +{ + "meta": Any, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export -aD exportAllTestDir12 -f testExportAllIdm.config.json -m idm": should export all IDM config to a single file. 1`] = `""`; + +exports[`frodo config export "frodo config export -aD exportAllTestDir12 -f testExportAllIdm.config.json -m idm": should export all IDM config to a single file.: exportAllTestDir12/testExportAllIdm.config.json 1`] = ` +{ + "global": { + "emailTemplate": { + "forgottenUsername": { + "_id": "emailTemplate/forgottenUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

", }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "CreatePasswordNode", - "collection": true, - "name": "Create Password", - }, - "minPasswordLength": 0, + "mimeType": "text/html", + "subject": { + "en": "Account Information - username", + "fr": "Informations sur le compte - nom d'utilisateur", }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", - "_outcomes": [ - { - "displayName": "Account exists", - "id": "ACCOUNT_EXISTS", - }, - { - "displayName": "No account exists", - "id": "NO_ACCOUNT", - }, - ], - "_type": { - "_id": "SocialGoogleNode", - "collection": true, - "name": "Social Google", + }, + "registration": { + "_id": "emailTemplate/registration", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

", + }, + "mimeType": "text/html", + "subject": { + "en": "Register new account", + "fr": "Créer un nouveau compte", + }, + }, + "resetPassword": { + "_id": "emailTemplate/resetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Click to reset your password

Password reset link

", + "fr": "

Cliquez pour réinitialiser votre mot de passe

Mot de passe lien de réinitialisation

", + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password", + "fr": "Réinitialisez votre mot de passe", + }, + }, + "updatePassword": { + "_id": "emailTemplate/updatePassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Verify email to update password

Update password link

", + }, + "mimeType": "text/html", + "subject": { + "en": "Update your password", + }, + }, + "welcome": { + "_id": "emailTemplate/welcome", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Welcome to OpenIDM. Your username is '{{object.userName}}'.

", + "fr": "

Bienvenue sur OpenIDM. Votre nom d'utilisateur est '{{object.userName}}'.

", + }, + "mimeType": "text/html", + "subject": { + "en": "Your account has been created", + "fr": "Votre compte vient d’être créé !", + }, + }, + }, + "idm": { + "access": { + "_id": "access", + "configs": [ + { + "actions": "", + "methods": "read", + "pattern": "health", + "roles": "*", }, - "authenticationIdKey": "sub", - "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", - "basicAuth": true, - "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", - "cfgAccountMapperConfiguration": { - "sub": "iplanet-am-user-alias-list", + { + "actions": "*", + "methods": "read", + "pattern": "info/*", + "roles": "*", }, - "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", - "cfgAttributeMappingClasses": [ - "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", - ], - "cfgAttributeMappingConfiguration": { - "email": "mail", - "family_name": "sn", - "given_name": "givenName", - "name": "cn", - "sub": "iplanet-am-user-alias-list", + { + "actions": "login,logout", + "methods": "read,action", + "pattern": "authentication", + "roles": "*", }, - "cfgMixUpMitigation": false, - "clientId": "aClientId", - "clientSecret": null, - "provider": "google", - "redirectURI": "http://localhost:8080/am", - "saveUserAttributesToSession": true, - "scopeString": "profile email", - "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", - "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", - }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", + { + "actions": "validate", + "methods": "action", + "pattern": "util/validateQueryFilter", + "roles": "*", }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/themeconfig", + "roles": "*", }, - "emailSubject": { - "en": "Your One Time Password", + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/theme-*", + "roles": "*", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", - }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "_outcomes": [ - { - "displayName": "Retry", - "id": "Retry", - }, - { - "displayName": "Reject", - "id": "Reject", - }, - ], - "_type": { - "_id": "RetryLimitDecisionNode", - "collection": true, - "name": "Retry Limit Decision", + { + "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled(['registration', 'passwordReset'])", + "methods": "read", + "pattern": "config/selfservice/kbaConfig", + "roles": "*", }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, - }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/dashboard", + "roles": "internal/role/openidm-authorized", }, - "length": 8, - }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", + { + "actions": "*", + "methods": "query", + "pattern": "info/features", + "roles": "*", }, - "passwordExpiryTime": 5, + { + "actions": "listPrivileges", + "methods": "action", + "pattern": "privilege", + "roles": "*", + }, + { + "actions": "*", + "methods": "read", + "pattern": "privilege/*", + "roles": "*", + }, + { + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/termsAndConditions", + "roles": "*", + }, + { + "actions": "submitRequirements", + "methods": "read,action", + "pattern": "selfservice/kbaUpdate", + "roles": "*", + }, + { + "actions": "", + "customAuthz": "isMyProfile()", + "methods": "read,query", + "pattern": "profile/*", + "roles": "*", + }, + { + "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled('kba')", + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/openidm-authorized", + }, + { + "customAuthz": "checkIfApiRequest()", + "methods": "read", + "pattern": "*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "excludePatterns": "repo,repo/*", + "methods": "*", + "pattern": "*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "", + "methods": "create,read,update,delete,patch,query", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "methods": "script", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "test,testConfig,createconfiguration,liveSync,authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo/*", + "roles": "internal/role/openidm-admin", + }, + { + "actions": "command", + "customAuthz": "request.additionalParameters.commandId === 'delete-mapping-links'", + "methods": "action", + "pattern": "repo/link", + "roles": "internal/role/openidm-admin", + }, + { + "methods": "create,read,query,patch", + "pattern": "managed/*", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read,query", + "pattern": "internal/role/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "create,read,action,update", + "pattern": "profile/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/platform-provisioning", + }, + { + "methods": "read", + "pattern": "selfservice/terms", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "sendTemplate", + "methods": "action", + "pattern": "external/email", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/platform-provisioning", + }, + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "reauthenticate", + "methods": "action", + "pattern": "authentication", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "bind,unbind", + "customAuthz": "ownDataOnly()", + "methods": "read,action,delete", + "pattern": "*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', []) && reauthIfProtectedAttributeChange()", + "methods": "update,patch,action", + "pattern": "*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "read", + "pattern": "endpoint/getprocessesforuser", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "methods": "query", + "pattern": "endpoint/gettasksview", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "complete", + "customAuthz": "isMyTask()", + "methods": "action", + "pattern": "workflow/taskinstance/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "canUpdateTask()", + "methods": "read,update", + "pattern": "workflow/taskinstance/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "isAllowedToStartProcess()", + "methods": "create", + "pattern": "workflow/processinstance", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "read", + "methods": "*", + "pattern": "workflow/processdefinition/*", + "roles": "internal/role/openidm-authorized", + }, + { + "customAuthz": "restrictPatchToFields(['password'])", + "methods": "patch", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-cert", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_meta', false)", + "methods": "read", + "pattern": "internal/usermeta/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_notifications', true)", + "methods": "read,delete", + "pattern": "internal/notification/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['idps','_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-authorized", + }, + { + "actions": "deleteNotificationsForTarget", + "customAuthz": "request.additionalParameters.target === (context.security.authorization.component + '/' + context.security.authorization.id)", + "methods": "action", + "pattern": "notification", + "roles": "internal/role/openidm-authorized", + }, + ], + }, + "apiVersion": { + "_id": "apiVersion", + "warning": { + "enabled": { + "$bool": "&{openidm.apiVersion.warning.enabled|false}", + }, + "includeScripts": { + "$bool": "&{openidm.apiVersion.warning.includeScripts|false}", + }, + "logFilterResourcePaths": [ + "audit", + "authentication", + "cluster", + "config", + "consent", + "csv", + "external/rest", + "identityProviders", + "info", + "internal", + "internal/role", + "internal/user", + "internal/usermeta", + "managed", + "managed/assignment", + "managed/organization", + "managed/role", + "managed/user", + "notification", + "policy", + "privilege", + "profile", + "recon", + "recon/assoc", + "repo", + "selfservice/kba", + "selfservice/terms", + "scheduler/job", + "scheduler/trigger", + "schema", + "sync", + "sync/mappings", + "system", + "taskscanner", + ], }, }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Google-DynamicAccountCreation", - "description": "null", - "enabled": true, - "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Provision Dynamic Account", - "nodeType": "ProvisionDynamicAccountNode", - "x": 0, - "y": 0, - }, - "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { - "connections": { - "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "audit": { + "_id": "audit", + "auditServiceConfig": { + "availableAuditEventHandlers": [ + "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", + "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", + "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", + "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler", + ], + "caseInsensitiveFields": [ + "/access/http/request/headers", + "/access/http/response/headers", + ], + "filterPolicies": { + "field": { + "excludeIf": [], + "includeIf": [], }, - "displayName": "Create Password", - "nodeType": "CreatePasswordNode", - "x": 0, - "y": 0, }, - "33e75ff0-9dd6-31bb-a69f-351039152189": { - "connections": { - "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "handlerForQueries": "json", + }, + "eventHandlers": [ + { + "class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "config": { + "buffering": { + "maxSize": 100000, + "writeInterval": "100 millis", + }, + "enabled": { + "$bool": "&{openidm.audit.handler.json.enabled|true}", + }, + "logDirectory": "&{idm.data.dir}/audit", + "name": "json", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, - "displayName": "Google Social Authentication", - "nodeType": "SocialGoogleNode", - "x": 0, - "y": 0, }, - "34173cb3-8f07-389d-9beb-c2ac9128303f": { - "connections": { - "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + { + "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.stdout.enabled|false}", + }, + "name": "stdout", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 0, - "y": 0, }, - "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { - "connections": { - "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", - "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + { + "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "config": { + "enabled": { + "$bool": "&{openidm.audit.handler.repo.enabled|false}", + }, + "name": "repo", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config", + ], }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, }, - "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { - "connections": { - "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + ], + "eventTopics": { + "activity": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 0, - "y": 0, + "passwordFields": [ + "password", + ], + "watchedFields": [], }, - "c16a5320-fa47-3530-9958-3c34fd356ef5": { - "connections": { - "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", - "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "config": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action", + ], }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 0, - "y": 0, }, }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/HmacOneTimePassword.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "HmacOneTimePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "OneTimePasswordGeneratorNode", - "collection": true, - "name": "HOTP Generator", - }, - "length": 8, + "exceptionFormatter": { + "file": "bin/defaults/script/audit/stacktraceFormatter.js", + "type": "text/javascript", }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, + }, + "authentication": { + "_id": "authentication", + "serverAuthContext": { + "authModules": [ { - "displayName": "False", - "id": "false", + "enabled": true, + "name": "STATIC_USER", + "properties": { + "defaultUserRoles": [ + "internal/role/openidm-reg", + ], + "password": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "fzE1J3P9LZOmuCuecCDnaQ==", + "iv": "nhI8UHymNRChGIyOC+5Sag==", + "keySize": 32, + "mac": "XfF7VE/o5Shv6AqW1Xe3TQ==", + "purpose": "idm.config.encryption", + "salt": "v0NHakffrjBJNL3zjhEOtg==", + "stableId": "openidm-sym-default", + }, + }, + }, + "queryOnResource": "internal/user", + "username": "anonymous", + }, }, - ], - "_type": { - "_id": "OneTimePasswordCollectorDecisionNode", - "collection": true, - "name": "OTP Collector Decision", - }, - "passwordExpiryTime": 5, - }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", - "_outcomes": [ { - "displayName": "True", - "id": "true", + "enabled": true, + "name": "STATIC_USER", + "properties": { + "defaultUserRoles": [ + "internal/role/openidm-authorized", + "internal/role/openidm-admin", + ], + "password": "&{openidm.admin.password}", + "queryOnResource": "internal/user", + "username": "openidm-admin", + }, }, { - "displayName": "False", - "id": "false", + "enabled": true, + "name": "MANAGED_USER", + "properties": { + "augmentSecurityContext": { + "source": "var augmentYield = require('auth/customAuthz').setProtectedAttributes(security);require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, 'privileges', 'privilegeAssignments', augmentYield);", + "type": "text/javascript", + }, + "defaultUserRoles": [ + "internal/role/openidm-authorized", + ], + "propertyMapping": { + "additionalUserFields": [ + "adminOfOrg", + "ownerOfOrg", + ], + "authenticationId": "username", + "userCredential": "password", + "userRoles": "authzRoles", + }, + "queryId": "credential-query", + "queryOnResource": "managed/user", + }, }, ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "sessionModule": { + "name": "JWT_SESSION", + "properties": { + "enableDynamicRoles": false, + "isHttpOnly": true, + "maxTokenLifeMinutes": 120, + "sessionOnly": true, + "tokenIdleTimeMinutes": 30, }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", }, }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "_id": "98f13708-2101-34c4-b568-7be6106a3b84", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + }, + "cluster": { + "_id": "cluster", + "enabled": true, + "instanceCheckInInterval": 5000, + "instanceCheckInOffset": 0, + "instanceId": "&{openidm.node.id}", + "instanceRecoveryTimeout": 30000, + "instanceTimeout": 30000, + }, + "endpoint/getavailableuserstoassign": { + "_id": "endpoint/getavailableuserstoassign", + "file": "workflow/getavailableuserstoassign.js", + "type": "text/javascript", + }, + "endpoint/getprocessesforuser": { + "_id": "endpoint/getprocessesforuser", + "file": "workflow/getprocessesforuser.js", + "type": "text/javascript", + }, + "endpoint/gettasksview": { + "_id": "endpoint/gettasksview", + "file": "workflow/gettasksview.js", + "type": "text/javascript", + }, + "endpoint/mappingDetails": { + "_id": "endpoint/mappingDetails", + "context": "endpoint/mappingDetails", + "file": "mappingDetails.js", + "type": "text/javascript", + }, + "endpoint/oauthproxy": { + "_id": "endpoint/oauthproxy", + "context": "endpoint/oauthproxy", + "file": "oauthProxy.js", + "type": "text/javascript", + }, + "endpoint/removeRepoPathFromRelationships": { + "_id": "endpoint/removeRepoPathFromRelationships", + "file": "update/removeRepoPathFromRelationships.js", + "type": "text/javascript", + }, + "endpoint/repairMetadata": { + "_id": "endpoint/repairMetadata", + "file": "meta/metadataScanner.js", + "type": "text/javascript", + }, + "endpoint/updateInternalUserAndInternalRoleEntries": { + "_id": "endpoint/updateInternalUserAndInternalRoleEntries", + "file": "update/updateInternalUserAndInternalRoleEntries.js", + "type": "text/javascript", + }, + "endpoint/validateQueryFilter": { + "_id": "endpoint/validateQueryFilter", + "context": "util/validateQueryFilter", + "source": "try { org.forgerock.openidm.query.StringQueryFilters.parse(request.content._queryFilter).accept(new org.forgerock.util.query.MapFilterVisitor(), null); } catch (e) { throw { 'code' : 400, 'message' : e.message } };", + "type": "text/javascript", + }, + "external.rest": { + "_id": "external.rest", + "hostnameVerifier": "&{openidm.external.rest.hostnameVerifier}", + }, + "internal": { + "_id": "internal", + "objects": [ + { + "name": "role", + "properties": { + "authzMembers": { + "items": { + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + }, + }, }, - ], - "_type": { - "_id": "OneTimePasswordSmtpSenderNode", - "collection": true, - "name": "OTP Email Sender", - }, - "emailAttribute": "mail", - "emailContent": { - "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", - }, - "emailSubject": { - "en": "Your One Time Password", }, - "fromEmailAddress": "admin@example.com", - "hostName": "mail.example.com", - "hostPort": 25, - "password": null, - "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", - "sslOption": "SSL", - "username": "admin@example.com", - }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + { + "name": "notification", + "properties": { + "target": { + "reversePropertyName": "_notifications", + }, }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", }, - }, + ], }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "HmacOneTimePassword", - "description": "null", - "enabled": true, - "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { - "connections": { - "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", + "managed": { + "_id": "managed", + "objects": [ + { + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync", }, - "displayName": "HOTP Generator", - "nodeType": "OneTimePasswordGeneratorNode", - "x": 0, - "y": 0, - }, - "3c59dc04-8e88-3024-bbe8-079a5c74d079": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "meta": { + "property": "_meta", + "resourceCollection": "internal/usermeta", + "trackedProperties": [ + "createDate", + "lastChanged", + ], + }, + "name": "user", + "notifications": { + "property": "_notifications", + }, + "postDelete": { + "source": "require('postDelete-idp-cleanup').removeConnectedIdpData(oldObject, resourceName, request);require('postDelete-notification-cleanup').removeConnectedNotificationData(oldObject, resourceName, request);", + "type": "text/javascript", + }, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "sn", + "mail", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "activeDate", + "inactiveDate", + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false, + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "policies": [ + { + "params": { + "regexp": "^(active|inactive)$", + }, + "policyId": "regexpMatches", + }, + ], + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "activeDate": { + "description": "Active Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": false, + "title": "Active Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Authorization Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "city": { + "description": "City", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "order": [ + "mapping", + "consentDate", + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "format": "datetime", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "mapping", + "consentDate", + ], + "title": "Consented Mapping", + "type": "object", + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "country": { + "description": "Country", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "description": { + "description": "Description", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "queryConfig": { + "referencedObjectFields": [ + "*", + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments", + ], + [ + "assignments", + ], + ], + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object", + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles", + ], + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false, + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "inactiveDate": { + "description": "Inactive Date", + "format": "datetime", + "isPersonal": false, + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "searchable": false, + "title": "Inactive Date", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId", + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string", + }, + "customQuestion": { + "description": "Custom question", + "type": "string", + }, + "questionId": { + "description": "Question ID", + "type": "string", + }, + }, + "required": [], + "title": "KBA Info Items", + "type": "object", + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp", + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object", + }, + "title": "Effective Assignments", + "type": "array", + }, + "timestamp": { + "description": "Timestamp", + "policies": [ + { + "policyId": "valid-datetime", + }, + ], + "type": "string", + }, + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false, + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Manager _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "memberOfOrg", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "password": { + "description": "Password", + "encryption": { + "purpose": "idm.password.encryption", + }, + "isPersonal": false, + "isProtected": true, + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", + }, + { + "params": { + "numCaps": 1, + }, + "policyId": "at-least-X-capitals", + }, + { + "params": { + "numNums": 1, + }, + "policyId": "at-least-X-numbers", + }, + { + "params": { + "disallowedFields": [ + "userName", + "givenName", + "sn", + ], + }, + "policyId": "cannot-contain-others", + }, + ], + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false, + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing", + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean", + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean", + }, + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Direct Reports Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true, + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "policies": [ + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + "userName": { + "description": "Username", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-username", + }, + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "params": { + "minLength": 1, + }, + "policyId": "minimum-length", + }, + { + "params": { + "maxLength": 255, + }, + "policyId": "maximum-length", + }, + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true, + }, + }, + "required": [ + "userName", + "givenName", + "sn", + "mail", + ], + "title": "User", + "type": "object", + "viewable": true, }, - "displayName": "OTP Collector Decision", - "nodeType": "OneTimePasswordCollectorDecisionNode", - "x": 0, - "y": 0, }, - "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + { + "name": "role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "condition", + "temporalConstraints", + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Assignments Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/assignment", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Role Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true, + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique", + }, + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration", + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string", + }, + }, + "required": [ + "duration", + ], + "title": "Temporal Constraints Items", + "type": "object", + }, + "notifyRelationships": [ + "members", + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Role", + "type": "object", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, }, - "70efdf2e-c9b0-3607-9795-c442636b55fb": { - "connections": { - "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + { + "attributeEncryption": {}, + "name": "assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight", + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false, + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value", + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string", + }, + "name": { + "description": "Name", + "type": "string", + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string", + }, + "value": { + "description": "Value", + "type": "string", + }, + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object", + }, + "notifyRelationships": [ + "roles", + "members", + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true, + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false, + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true, + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string", + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true, + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists", + }, + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true, + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string", + }, + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Assignment Members Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true, + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true, + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string", + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string", + }, + }, + "title": "Managed Roles Items _refProperties", + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/role", + "query": { + "fields": [ + "name", + ], + "queryFilter": "true", + }, + }, + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members", + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null", + ], + "viewable": true, + }, + }, + "required": [ + "name", + "description", + "mapping", + ], + "title": "Assignment", + "type": "object", }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, }, - "98f13708-2101-34c4-b568-7be6106a3b84": { - "connections": { - "outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + { + "name": "organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs", + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "admins", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true, + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + ], + "referencedRelationshipFields": [ + "owners", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/user", + "query": { + "fields": [ + "userName", + "givenName", + "sn", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true, + }, + "notifyRelationships": [ + "children", + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true, + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members", + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string", + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string", + }, + }, + "type": "object", + }, + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/organization", + "query": { + "fields": [ + "name", + "description", + ], + "queryFilter": "true", + "sortKeys": [], + }, + }, + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true, + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false, + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string", + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs", + ], + "referencedRelationshipFields": [ + "parent", + ], + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false, + }, + }, + "required": [ + "name", + ], + "title": "Organization", + "type": "object", }, - "displayName": "OTP Email Sender", - "nodeType": "OneTimePasswordSmtpSenderNode", - "x": 0, - "y": 0, }, - "c74d97b0-1eae-357e-84aa-9d5bade97baf": { - "connections": { - "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + { + "name": "seantestmanagedobject", + "schema": { + "description": null, + "icon": "fa-database", + "mat-icon": null, + "title": null, }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, }, - }, - "uiConfig": {}, + ], }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PersistentCookie.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PersistentCookie": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", - }, - }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SetPersistentCookieNode", - "collection": true, - "name": "Set Persistent Cookie", - }, - "hmacSigningKey": null, - "idleTimeout": 5, - "maxLife": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, - }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "PersistentCookieDecisionNode", - "collection": true, - "name": "Persistent Cookie Decision", - }, - "enforceClientIp": false, - "hmacSigningKey": null, - "idleTimeout": 5, - "persistentCookieName": "session-jwt", - "useHttpOnlyCookie": true, - "useSecureCookie": false, - }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", + "metrics": { + "_id": "metrics", + "enabled": false, + }, + "notification/passwordUpdate": { + "_id": "notification/passwordUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "password", + ], }, + "type": "groovy", }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, + "enabled": { + "$bool": "&{openidm.notifications.passwordUpdate|false}", }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PersistentCookie", - "description": "null", - "enabled": true, - "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { - "connections": { - "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", - }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, - }, - "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Set Persistent Cookie", - "nodeType": "SetPersistentCookieNode", - "x": 0, - "y": 0, - }, - "aab32389-22bc-325a-af60-6eb525ffdc56": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Persistent Cookie Decision", - "nodeType": "PersistentCookieDecisionNode", - "x": 0, - "y": 0, - }, - "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { - "connections": { - "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, - }, - "c51ce410-c124-310e-8db5-e4b97fc2af39": { - "connections": { - "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", - "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your password has been updated.", + "notificationType": "info", }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformForgottenUsername.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformForgottenUsername": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "d82c8d16-19ad-3176-9665-453cfb2e55f0": { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", }, }, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "InnerTreeEvaluatorNode", - "collection": true, - "name": "Inner Tree Evaluator", - }, - "tree": "PlatformLogin", - }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + "notification/profileUpdate": { + "_id": "notification/profileUpdate", + "condition": { + "file": "propertiesModifiedFilter.groovy", + "globals": { + "propertiesToCheck": [ + "userName", + "givenName", + "sn", + "mail", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "preferences", + ], }, - "emailTemplateName": "forgottenUsername", - "identityAttribute": "mail", - "objectLookup": true, + "type": "groovy", }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "_id": "a684ecee-e76f-3522-b732-86a895bc8436", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Forgotten Username", - }, - "stage": "null", + "enabled": { + "$bool": "&{openidm.notifications.profileUpdate|false}", }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", - }, - "identityAttribute": "mail", + "methods": [ + "update", + "patch", + ], + "notification": { + "message": "Your profile has been updated.", + "notificationType": "info", }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformForgottenUsername", - "description": "Forgotten Username Tree", - "enabled": true, - "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, - }, - "9f61408e-3afb-333e-90cd-f1b20de6f466": { - "connections": { - "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "a684ecee-e76f-3522-b732-86a895bc8436": { - "connections": { - "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { - "connections": { - "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", - "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", - }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, - }, + "path": "managed/user/*", + "target": { + "resource": "managed/user/{{response/_id}}", }, - "uiConfig": {}, }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformLogin.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformLogin": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "642e92ef-b794-3173-8881-b53e1e1b18b6": { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, + "notificationFactory": { + "_id": "notificationFactory", + "enabled": { + "$bool": "&{openidm.notifications|false}", }, - "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", - }, - "usernameAttribute": "userName", - "validateInput": false, + "threadPool": { + "maxPoolThreads": 2, + "maxQueueSize": 20000, + "steadyPoolThreads": 1, + "threadKeepAlive": 60, }, }, - "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "_id": "2838023a-778d-3aec-9c21-2708f721b788", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "policy": { + "_id": "policy", + "additionalFiles": [], + "file": "policy.js", + "resources": [ + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getRegistrationProperties()", + "type": "text/javascript", }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", + "resource": "selfservice/registration", }, - "identityAttribute": "userName", - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", + { + "calculatedProperties": { + "source": "require('selfServicePolicies').getResetProperties()", + "type": "text/javascript", }, - ], - "_type": { - "_id": "InnerTreeEvaluatorNode", - "collection": true, - "name": "Inner Tree Evaluator", + "resource": "selfservice/reset", }, - "tree": "PlatformProgressiveProfile", - }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", + { + "properties": [ + { + "name": "_id", + "policies": [ + { + "params": { + "forbiddenChars": [ + "/", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + }, + { + "name": "password", + "policies": [ + { + "params": { + "minLength": 8, + }, + "policyId": "minimum-length", + }, + ], + }, + ], + "resource": "internal/user/*", }, - }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + ], + }, + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", + }, + ], + }, + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + }, + { + "name": "privileges", + "policies": [ + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "params": { + "properties": [ + { + "name": "name", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "string", + ], + }, + "policyId": "valid-type", + }, + ], + }, + { + "name": "path", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "forbiddenChars": [ + "/*", + ], + }, + "policyId": "cannot-contain-characters", + }, + { + "policyId": "valid-privilege-path", + }, + ], + }, + { + "name": "accessFlags", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-accessFlags-object", + }, + ], + }, + { + "name": "actions", + "policies": [ + { + "policyId": "required", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + ], + }, + { + "name": "permissions", + "policies": [ + { + "policyId": "required", + }, + { + "policyId": "not-empty", + }, + { + "params": { + "types": [ + "array", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-permissions", + }, + ], + }, + { + "name": "filter", + "policies": [ + { + "params": { + "types": [ + "string", + "null", + ], + }, + "policyId": "valid-type", + }, + { + "policyId": "valid-query-filter", + }, + ], + }, + ], + }, + "policyId": "valid-array-items", + }, + ], + }, + ], + "resource": "internal/role/*", }, - "nodes": [ - { - "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "New here? Create an account
Forgot username? Forgot password?", + { + "properties": [ + { + "name": "temporalConstraints", + "policies": [ + { + "policyId": "valid-temporal-constraints", + }, + ], + }, + { + "name": "condition", + "policies": [ + { + "policyId": "valid-query-filter", + }, + ], + }, + ], + "resource": "managed/role/*", }, - "pageHeader": { - "en": "Sign In", + { + "properties": [ + { + "name": "objects", + "policies": [ + { + "policyId": "valid-event-scripts", + }, + ], + }, + ], + "resource": "config/managed", }, - "stage": "null", - }, + ], + "type": "text/javascript", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformLogin", - "description": "Platform Login Tree", - "enabled": true, - "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "2838023a-778d-3aec-9c21-2708f721b788": { - "connections": { - "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", - }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Inner Tree Evaluator", - "nodeType": "InnerTreeEvaluatorNode", - "x": 0, - "y": 0, - }, - "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "2838023a-778d-3aec-9c21-2708f721b788", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "f457c545-a9de-388f-98ec-ee47145a72c0": { - "connections": { - "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "privilegeAssignments": { + "_id": "privilegeAssignments", + "privilegeAssignments": [ + { + "name": "ownerPrivileges", + "privileges": [ + "owner-view-update-delete-orgs", + "owner-create-orgs", + "owner-view-update-delete-admins-and-members", + "owner-create-admins", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "ownerOfOrg", }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformProgressiveProfile.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformProgressiveProfile": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", + { + "name": "adminPrivileges", + "privileges": [ + "admin-view-update-delete-orgs", + "admin-create-orgs", + "admin-view-update-delete-members", + "admin-create-members", + ], + "relationshipField": "adminOfOrg", }, - "attributesToCollect": [ - "preferences/updates", - "preferences/marketing", - ], - "identityAttribute": "userName", - "required": false, - "validateInputs": false, - }, + ], }, - "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { - "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "QueryFilterDecisionNode", - "collection": true, - "name": "Query Filter Decision", - }, - "identityAttribute": "userName", - "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", - }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { - "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", + "privileges": { + "_id": "privileges", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/ownerIDs eq "{{_id}}" or /parentOwnerIDs eq "{{_id}}"", + "name": "owner-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, - "nodes": [ - { - "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - ], - "pageDescription": {}, - "pageHeader": { - "en": "Please select your preferences", + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": false, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], }, - "stage": "null", - }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { - "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "LoginCountDecisionNode", - "collection": true, - "name": "Login Count Decision", + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, - "amount": 3, - "identityAttribute": "userName", - "interval": "AT", - }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { - "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": false, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/user", + "permissions": [ + "CREATE", + ], }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformProgressiveProfile", - "description": "Prompt for missing preferences on 3rd login", - "enabled": true, - "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "17e62166-fc85-36df-a4d1-bc0e1742c08b": { - "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", - }, - "displayName": "Query Filter Decision", - "nodeType": "QueryFilterDecisionNode", - "x": 0, - "y": 0, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/adminIDs eq "{{_id}}" or /parentAdminIDs eq "{{_id}}"", + "name": "admin-view-update-delete-orgs", + "path": "managed/organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE", + ], }, - "6c8349cc-7260-3e62-a3b1-396831a8398f": { - "connections": { - "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "owners", + "readOnly": true, + }, + { + "attribute": "admins", + "readOnly": true, + }, + { + "attribute": "members", + "readOnly": false, + }, + { + "attribute": "parent", + "readOnly": false, + }, + { + "attribute": "children", + "readOnly": false, + }, + { + "attribute": "parentIDs", + "readOnly": true, + }, + { + "attribute": "adminIDs", + "readOnly": true, + }, + { + "attribute": "parentAdminIDs", + "readOnly": true, + }, + { + "attribute": "ownerIDs", + "readOnly": true, + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/organization", + "permissions": [ + "CREATE", + ], }, - "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { - "connections": { - "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", - }, - "displayName": "Login Count Decision", - "nodeType": "LoginCountDecisionNode", - "x": 0, - "y": 0, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrgIDs eq "__org_id_placeholder__"", + "name": "admin-view-update-delete-members", + "path": "managed/user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE", + ], }, - "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false, + }, + { + "attribute": "password", + "readOnly": false, + }, + { + "attribute": "givenName", + "readOnly": false, + }, + { + "attribute": "sn", + "readOnly": false, + }, + { + "attribute": "mail", + "readOnly": false, + }, + { + "attribute": "description", + "readOnly": false, + }, + { + "attribute": "accountStatus", + "readOnly": false, + }, + { + "attribute": "telephoneNumber", + "readOnly": false, + }, + { + "attribute": "postalAddress", + "readOnly": false, + }, + { + "attribute": "city", + "readOnly": false, + }, + { + "attribute": "postalCode", + "readOnly": false, + }, + { + "attribute": "country", + "readOnly": false, + }, + { + "attribute": "stateProvince", + "readOnly": false, + }, + { + "attribute": "roles", + "readOnly": false, + }, + { + "attribute": "manager", + "readOnly": false, + }, + { + "attribute": "authzRoles", + "readOnly": false, + }, + { + "attribute": "reports", + "readOnly": false, + }, + { + "attribute": "effectiveRoles", + "readOnly": false, + }, + { + "attribute": "effectiveAssignments", + "readOnly": false, + }, + { + "attribute": "lastSync", + "readOnly": false, + }, + { + "attribute": "kbaInfo", + "readOnly": false, + }, + { + "attribute": "preferences", + "readOnly": false, + }, + { + "attribute": "consentedMappings", + "readOnly": false, + }, + { + "attribute": "memberOfOrg", + "readOnly": false, + }, + { + "attribute": "adminOfOrg", + "readOnly": true, + }, + { + "attribute": "ownerOfOrg", + "readOnly": true, + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true, + }, + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/user", + "permissions": [ + "CREATE", + ], }, - }, - "uiConfig": {}, + ], }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformRegistration.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformRegistration": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "givenName", - "sn", - "mail", - "preferences/marketing", - "preferences/updates", - ], - "identityAttribute": "userName", - "required": true, - "validateInputs": true, - }, - "1c383cd3-0b7c-398a-b502-93adfecb7b18": { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "AcceptTermsAndConditionsNode", - "collection": true, - "name": "Accept Terms and Conditions", - }, - }, - "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "process/access": { + "_id": "process/access", + "workflowAccess": [ + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-authorized", }, - ], - "_type": { - "_id": "KbaCreateNode", - "collection": true, - "name": "KBA Definition", - }, - "allowUserDefinedQuestions": true, - "message": { - "en": "Select a security question", }, - }, - "e369853d-f766-3a44-a1ed-0ff613f563bd": { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + { + "propertiesCheck": { + "matches": ".*", + "property": "_id", + "requiresRole": "internal/role/openidm-admin", }, - ], - "_type": { - "_id": "ValidatedUsernameNode", - "collection": true, - "name": "Platform Username", }, - "usernameAttribute": "userName", - "validateInput": true, - }, + ], }, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "IncrementLoginCountNode", - "collection": true, - "name": "Increment Login Count", - }, - "identityAttribute": "userName", - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", - "_outcomes": [ - { - "displayName": "Created", - "id": "CREATED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "CreateObjectNode", - "collection": true, - "name": "Create Object", - }, - "identityResource": "managed/user", - }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", - "displayName": "Platform Username", - "nodeType": "ValidatedUsernameNode", - }, - { - "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", - }, - { - "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - { - "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", - "displayName": "KBA Definition", - "nodeType": "KbaCreateNode", - }, - { - "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", - "displayName": "Accept Terms and Conditions", - "nodeType": "AcceptTermsAndConditionsNode", - }, - ], - "pageDescription": { - "en": "Signing up is fast and easy.
Already have an account?Sign In", + "repo.ds": { + "_id": "repo.ds", + "commands": { + "delete-mapping-links": { + "_queryFilter": "/linkType eq "\${mapping}"", + "operation": "DELETE", }, - "pageHeader": { - "en": "Sign Up", + "delete-target-ids-for-recon": { + "_queryFilter": "/reconId eq "\${reconId}"", + "operation": "DELETE", }, - "stage": "null", }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformRegistration", - "description": "Platform Registration Tree", - "enabled": true, - "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "3416a75f-4cea-3109-907c-acd8e2f2aefc": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Increment Login Count", - "nodeType": "IncrementLoginCountNode", - "x": 0, - "y": 0, - }, - "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { - "connections": { - "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - }, - "displayName": "Create Object", - "nodeType": "CreateObjectNode", - "x": 0, - "y": 0, + "embedded": false, + "ldapConnectionFactories": { + "bind": { + "connectionPoolSize": 50, + "connectionSecurity": "startTLS", + "heartBeatIntervalSeconds": 60, + "heartBeatTimeoutMilliSeconds": 10000, + "primaryLdapServers": [ + { + "hostname": "opendj-frodo-dev.classic.com", + "port": 2389, + }, + ], + "secondaryLdapServers": [], }, - "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { - "connections": { - "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "root": { + "authentication": { + "simple": { + "bindDn": "uid=admin", + "bindPassword": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "lJ/B6T9e9CDKHCN8TxkD4g==", + "iv": "EdrerzwEUUkHG582cLDw5w==", + "keySize": 32, + "mac": "Aty9fXUtl4pexGlHOc+CBg==", + "purpose": "idm.config.encryption", + "salt": "BITSKlnPeT5klcuEZbngzw==", + "stableId": "openidm-sym-default", + }, + }, + }, + }, }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, + "inheritFrom": "bind", }, }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformResetPassword.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformResetPassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "44f683a8-4163-3352-bafe-57c2e008bc8c": { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", + "maxConnectionAttempts": 5, + "resourceMapping": { + "defaultMapping": { + "dnTemplate": "ou=generic,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "passwordAttribute": "password", - "validateInput": true, - }, - "66f041e1-6a60-328b-85a7-e228a89c3799": { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "explicitMapping": { + "clusteredrecontargetids": { + "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-recon-clusteredTargetIds", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "reconId": { + "ldapAttribute": "fr-idm-recon-id", + "type": "simple", + }, + "targetIds": { + "ldapAttribute": "fr-idm-recon-targetIds", + "type": "json", + }, + }, }, - ], - "_type": { - "_id": "AttributeCollectorNode", - "collection": true, - "name": "Attribute Collector", - }, - "attributesToCollect": [ - "mail", - ], - "identityAttribute": "mail", - "required": true, - "validateInputs": false, - }, - }, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "dsconfig/attributeValue": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-attribute-value-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "matchAttribute": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-match-attribute", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "dsconfig/characterSet": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-character-set-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "allowUnclassifiedCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-allow-unclassified-characters", + "type": "simple", + }, + "characterSet": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-character-set", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minCharacterSets": { + "ldapAttribute": "ds-cfg-min-character-sets", + "type": "simple", + }, + }, }, - ], - "pageDescription": { - "en": "Change password", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "_id": "072b030b-a126-32f4-b237-4f342be9ed44", - "_outcomes": [ - { - "displayName": "True", - "id": "true", + "dsconfig/dictionary": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-dictionary-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple", + }, + "dictionaryFile": { + "isRequired": true, + "ldapAttribute": "ds-cfg-dictionary-file", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple", + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple", + }, + }, }, - { - "displayName": "False", - "id": "false", + "dsconfig/lengthBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-length-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxPasswordLength": { + "ldapAttribute": "ds-cfg-max-password-length", + "type": "simple", + }, + "minPasswordLength": { + "ldapAttribute": "ds-cfg-min-password-length", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "IdentifyExistingUserNode", - "collection": true, - "name": "Identify Existing User", - }, - "identifier": "userName", - "identityAttribute": "mail", - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "dsconfig/passwordPolicies": { + "dnTemplate": "cn=Password Policies,cn=config", + "objectClasses": [ + "ds-cfg-password-policy", + "ds-cfg-authentication-policy", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "defaultPasswordStorageScheme": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-default-password-storage-scheme", + "type": "simple", + }, + "maxPasswordAge": { + "ldapAttribute": "ds-cfg-max-password-age", + "type": "simple", + }, + "passwordAttribute": { + "isRequired": true, + "ldapAttribute": "ds-cfg-password-attribute", + "type": "simple", + }, + "passwordHistoryCount": { + "ldapAttribute": "ds-cfg-password-history-count", + "type": "simple", + }, + "validator": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-password-validator", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", - "displayName": "Attribute Collector", - "nodeType": "AttributeCollectorNode", + "dsconfig/repeatedCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-repeated-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "maxConsecutiveLength": { + "isRequired": true, + "ldapAttribute": "ds-cfg-max-consecutive-length", + "type": "simple", + }, + }, }, - ], - "pageDescription": { - "en": "Enter your email address or Sign in", - }, - "pageHeader": { - "en": "Reset Password", - }, - "stage": "null", - }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "dsconfig/similarityBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-similarity-based-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minPasswordDifference": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-password-difference", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", - }, - "emailTemplateName": "resetPassword", - "identityAttribute": "mail", - "objectLookup": true, - }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", + "dsconfig/uniqueCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-unique-characters-password-validator", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple", + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "minUniqueCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-unique-characters", + "type": "simple", + }, + }, }, - { - "displayName": "Failed", - "id": "FAILURE", + "dsconfig/userDefinedVirtualAttribute": { + "dnTemplate": "cn=Virtual Attributes,cn=config", + "objectClasses": [ + "ds-cfg-user-defined-virtual-attribute", + "ds-cfg-virtual-attribute", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "attributeType": { + "isRequired": true, + "ldapAttribute": "ds-cfg-attribute-type", + "type": "simple", + }, + "baseDn": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-base-dn", + "type": "simple", + }, + "conflictBehavior": { + "ldapAttribute": "ds-cfg-conflict-behavior", + "type": "simple", + }, + "enabled": { + "isRequired": true, + "ldapAttribute": "ds-cfg-enabled", + "type": "simple", + }, + "filter": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-filter", + "type": "simple", + }, + "groupDn": { + "ldapAttribute": "ds-cfg-group-dn", + "type": "simple", + }, + "javaClass": { + "isRequired": true, + "ldapAttribute": "ds-cfg-java-class", + "type": "simple", + }, + "scope": { + "ldapAttribute": "ds-cfg-scope", + "type": "simple", + }, + "value": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-value", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "mail", - "identityResource": "managed/user", - "ignoredFields": [], - "patchAsObject": false, - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformResetPassword", - "description": "Reset Password Tree", - "enabled": true, - "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { - "connections": { - "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "internal/role": { + "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "fr-idm-internal-role", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly", + }, + "authzMembers": { + "isMultiValued": true, + "propertyName": "authzRoles", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "condition": { + "ldapAttribute": "fr-idm-condition", + "type": "simple", + }, + "description": { + "ldapAttribute": "description", + "type": "simple", + }, + "name": { + "ldapAttribute": "fr-idm-name", + "type": "simple", + }, + "privileges": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-privilege", + "type": "json", + }, + "temporalConstraints": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-temporal-constraints", + "type": "json", + }, + }, }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "072b030b-a126-32f4-b237-4f342be9ed44": { - "connections": { - "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", - "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "internal/user": { + "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-internal-user", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "password": { + "ldapAttribute": "fr-idm-password", + "type": "json", + }, + }, }, - "displayName": "Identify Existing User", - "nodeType": "IdentifyExistingUserNode", - "x": 0, - "y": 0, - }, - "093f65e0-80a2-35f8-876b-1c5722a46aa2": { - "connections": { - "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + "link": { + "dnTemplate": "ou=links,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-link", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "firstId": { + "ldapAttribute": "fr-idm-link-firstId", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-link-qualifier", + "type": "simple", + }, + "linkType": { + "ldapAttribute": "fr-idm-link-type", + "type": "simple", + }, + "secondId": { + "ldapAttribute": "fr-idm-link-secondId", + "type": "simple", + }, + }, }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "7f39f831-7fbd-3198-8ef4-c628eba02591": { - "connections": { - "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "locks": { + "dnTemplate": "ou=locks,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-lock", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "nodeId": { + "ldapAttribute": "fr-idm-lock-nodeid", + "type": "simple", + }, + }, }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "recon/assoc": { + "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "namingStrategy": { + "dnAttribute": "fr-idm-reconassoc-reconid", + "type": "clientDnNaming", + }, + "objectClasses": [ + "fr-idm-reconassoc", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "fr-idm-reconassoc-reconid", + "type": "simple", + }, + "finishTime": { + "ldapAttribute": "fr-idm-reconassoc-finishtime", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "subResources": { + "entry": { + "namingStrategy": { + "dnAttribute": "uid", + "type": "clientDnNaming", + }, + "resource": "recon-assoc-entry", + "type": "collection", + }, + }, }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/PlatformUpdatePassword.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "PlatformUpdatePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "735b90b4-5681-35ed-ac3f-678819b6e058": { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "recon/assoc/entry": { + "objectClasses": [ + "uidObject", + "fr-idm-reconassocentry", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + }, + "action": { + "ldapAttribute": "fr-idm-reconassocentry-action", + "type": "simple", + }, + "ambiguousTargetObjectIds": { + "ldapAttribute": "fr-idm-reconassocentry-ambiguoustargetobjectids", + "type": "simple", + }, + "exception": { + "ldapAttribute": "fr-idm-reconassocentry-exception", + "type": "simple", + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple", + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-reconassocentry-linkqualifier", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple", + }, + "message": { + "ldapAttribute": "fr-idm-reconassocentry-message", + "type": "simple", + }, + "messageDetail": { + "ldapAttribute": "fr-idm-reconassocentry-messagedetail", + "type": "simple", + }, + "phase": { + "ldapAttribute": "fr-idm-reconassocentry-phase", + "type": "simple", + }, + "reconId": { + "ldapAttribute": "fr-idm-reconassocentry-reconid", + "type": "simple", + }, + "situation": { + "ldapAttribute": "fr-idm-reconassocentry-situation", + "type": "simple", + }, + "sourceObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-sourceObjectId", + "type": "simple", + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple", + }, + "status": { + "ldapAttribute": "fr-idm-reconassocentry-status", + "type": "simple", + }, + "targetObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-targetObjectId", + "type": "simple", + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple", + }, + }, + "resourceName": "recon-assoc-entry", + "subResourceRouting": [ + { + "prefix": "entry", + "template": "recon/assoc/{reconId}/entry", + }, + ], }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, - "7cbbc409-ec99-3f19-878c-75bd1e06f215": { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "sync/queue": { + "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-syncqueue", + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly", + }, + "context": { + "ldapAttribute": "fr-idm-syncqueue-context", + "type": "json", + }, + "createDate": { + "ldapAttribute": "fr-idm-syncqueue-createdate", + "type": "simple", + }, + "mapping": { + "ldapAttribute": "fr-idm-syncqueue-mapping", + "type": "simple", + }, + "newObject": { + "ldapAttribute": "fr-idm-syncqueue-newobject", + "type": "json", + }, + "nodeId": { + "ldapAttribute": "fr-idm-syncqueue-nodeid", + "type": "simple", + }, + "objectRev": { + "ldapAttribute": "fr-idm-syncqueue-objectRev", + "type": "simple", + }, + "oldObject": { + "ldapAttribute": "fr-idm-syncqueue-oldobject", + "type": "json", + }, + "resourceCollection": { + "ldapAttribute": "fr-idm-syncqueue-resourcecollection", + "type": "simple", + }, + "resourceId": { + "ldapAttribute": "fr-idm-syncqueue-resourceid", + "type": "simple", + }, + "state": { + "ldapAttribute": "fr-idm-syncqueue-state", + "type": "simple", + }, + "syncAction": { + "ldapAttribute": "fr-idm-syncqueue-syncaction", + "type": "simple", + }, + }, }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", }, - "passwordAttribute": "password", - "validateInput": true, - }, - }, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", - "_outcomes": [ - { - "displayName": "True", - "id": "true", + "genericMapping": { + "cluster/*": { + "dnTemplate": "ou=cluster,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-cluster-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", + "objectClasses": [ + "uidObject", + "fr-idm-cluster-obj", + ], }, - { - "displayName": "False", - "id": "false", + "config": { + "dnTemplate": "ou=config,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - "_outcomes": [ - { - "displayName": "True", - "id": "true", + "file": { + "dnTemplate": "ou=file,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - { - "displayName": "False", - "id": "false", + "import": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "AttributePresentDecisionNode", - "collection": true, - "name": "Attribute Present Decision", - }, - "identityAttribute": "userName", - "presentAttribute": "password", - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "import/*": { + "dnTemplate": "ou=import,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", - }, - "emailTemplateName": "updatePassword", - "identityAttribute": "userName", - "objectLookup": true, - }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "internal/notification": { + "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-notification-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-notification", + ], + "properties": { + "target": { + "propertyName": "_notifications", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "internal/usermeta": { + "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj", + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, }, - ], - "pageDescription": { - "en": "Enter current password", - }, - "pageHeader": { - "en": "Verify Existing Password", - }, - "stage": "null", - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", + "jsonstorage": { + "dnTemplate": "ou=jsonstorage,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - { - "displayName": "Failed", - "id": "FAILURE", + "managed/*": { + "dnTemplate": "ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [ - "userName", - ], - "patchAsObject": true, - }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "managed/assignment": { + "dnTemplate": "ou=assignment,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-assignment-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-assignment", + ], + "properties": { + "condition": { + "ldapAttribute": "fr-idm-assignment-condition", + "type": "simple", + }, + "members": { + "isMultiValued": true, + "propertyName": "assignments", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "propertyName": "assignments", + "resourcePath": "managed/role", + "type": "reverseReference", + }, + }, }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", + "managed/organization": { + "dnTemplate": "ou=organization,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + ], + "properties": { + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/organization", + "type": "reverseReference", + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple", + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + }, }, - ], - "pageDescription": { - "en": "Enter new password", - }, - "pageHeader": { - "en": "Update Password", - }, - "stage": "null", - }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", + "managed/role": { + "dnTemplate": "ou=role,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role", + ], + "properties": { + "assignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-role-assignments", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", + }, + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + }, }, - ], - "_type": { - "_id": "SessionDataNode", - "collection": true, - "name": "Get Session Data", - }, - "sessionDataKey": "UserToken", - "sharedStateKey": "userName", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformUpdatePassword", - "description": "Update password using active session", - "enabled": true, - "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "managed/user": { + "dnTemplate": "ou=user,ou=managed,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-managed-user-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedUser", + "objectClasses": [ + "uidObject", + "fr-idm-managed-user", + ], + "properties": { + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "internal/usermeta", + "type": "reference", + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference", + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "assignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-assignment-member", + "primaryKey": "uid", + "resourcePath": "managed/assignment", + "type": "reference", + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference", + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/user", + "type": "reference", + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/organization", + "type": "reference", + }, + "passwordExpirationTime": { + "ldapAttribute": "pwdExpirationTime", + "type": "simple", + "writability": "readOnlyDiscardWrites", + }, + "passwordLastChangedTime": { + "ldapAttribute": "pwdChangedTime", + "type": "simple", + "writability": "readOnlyDiscardWrites", + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/user", + "type": "reverseReference", + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/role", + "type": "reference", + }, + }, }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "connections": { - "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "reconprogressstate": { + "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "displayName": "Attribute Present Decision", - "nodeType": "AttributePresentDecisionNode", - "x": 0, - "y": 0, - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "connections": { - "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "relationships": { + "dnTemplate": "ou=relationships,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", + "jsonAttribute": "fr-idm-relationship-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", + "objectClasses": [ + "uidObject", + "fr-idm-relationship", + ], }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "connections": { - "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "scheduler": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "scheduler/*": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, - }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "connections": { - "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "ui/*": { + "dnTemplate": "ou=ui,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "connections": { - "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "updates": { + "dnTemplate": "ou=updates,dc=openidm,dc=opendj-frodo-dev,dc=classic,dc=com", }, - "displayName": "Get Session Data", - "nodeType": "SessionDataNode", - "x": 0, - "y": 0, }, }, - "uiConfig": {}, + "rest2LdapOptions": { + "mvccAttribute": "etag", + "readOnUpdatePolicy": "controls", + "returnNullForMissingProperties": true, + "useMvcc": true, + "usePermissiveModify": true, + "useSubtreeDelete": false, + }, + "security": { + "fileBasedTrustManagerFile": "&{idm.install.dir}/security/truststore", + "fileBasedTrustManagerPasswordFile": "&{idm.install.dir}/security/storepass", + "fileBasedTrustManagerType": "JKS", + "trustManager": "file", + }, }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/RetryLimit.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "RetryLimit": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - "_outcomes": [ + "repo.init": { + "_id": "repo.init", + "insert": { + "internal/role": [ { - "displayName": "Outcome", - "id": "outcome", + "description": "Administrative access", + "id": "openidm-admin", + "name": "openidm-admin", }, - ], - "_type": { - "_id": "UsernameCollectorNode", - "collection": true, - "name": "Username Collector", - }, - }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", - "_outcomes": [ { - "displayName": "Retry", - "id": "Retry", + "description": "Basic minimum user", + "id": "openidm-authorized", + "name": "openidm-authorized", }, { - "displayName": "Reject", - "id": "Reject", + "description": "Anonymous access", + "id": "openidm-reg", + "name": "openidm-reg", }, - ], - "_type": { - "_id": "RetryLimitDecisionNode", - "collection": true, - "name": "Retry Limit Decision", - }, - "incrementUserAttributeOnFailure": true, - "retryLimit": 3, - }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", - "_outcomes": [ { - "displayName": "Outcome", - "id": "outcome", + "description": "Authenticated via certificate", + "id": "openidm-cert", + "name": "openidm-cert", }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", - }, - }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", - "_outcomes": [ { - "displayName": "True", - "id": "true", + "description": "Allowed to reassign workflow tasks", + "id": "openidm-tasks-manager", + "name": "openidm-tasks-manager", }, { - "displayName": "False", - "id": "false", + "description": "Platform provisioning access", + "id": "platform-provisioning", + "name": "platform-provisioning", }, ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", - "_outcomes": [ + "internal/user": [ { - "displayName": "Outcome", - "id": "outcome", + "id": "openidm-admin", + "password": "&{openidm.admin.password}", + }, + { + "id": "anonymous", + "password": "anonymous", + }, + { + "id": "idm-provisioning", + }, + { + "id": "connector-server-client", }, ], - "_type": { - "_id": "AccountLockoutNode", - "collection": true, - "name": "Account Lockout", - }, - "lockAction": "LOCK", }, }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "RetryLimit", - "description": "null", - "enabled": true, - "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { - "connections": { - "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "router": { + "_id": "router", + "filters": [ + { + "methods": [ + "create", + "update", + ], + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", }, - "displayName": "User Name Collector", - "nodeType": "UsernameCollectorNode", - "x": 0, - "y": 0, + "pattern": "^(managed|internal)($|(/.+))", }, - "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { - "connections": { - "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", - "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + { + "methods": [ + "update", + ], + "onRequest": { + "file": "policyFilter.js", + "type": "text/javascript", }, - "displayName": "Retry Limit Decision", - "nodeType": "RetryLimitDecisionNode", - "x": 0, - "y": 0, + "pattern": "^config/managed$", }, - "8f14e45f-ceea-367a-9a36-dedd4bea2543": { - "connections": { - "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + { + "condition": { + "source": "(context.caller.external === true) && (typeof context.privilege === 'undefined' || Object.keys(context.privilege.matchingPrivileges).length === 0)", + "type": "text/javascript", }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 0, - "y": 0, + "onResponse": { + "source": "require('relationshipFilter').filterResponse()", + "type": "text/javascript", + }, + "pattern": "^(managed|internal)($|(/.+))", }, - "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { - "connections": { - "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", - "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + ], + }, + "schedule/taskscan_activate": { + "_id": "schedule/taskscan_activate", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/activeDate le "\${Time.nowWithOffset}") AND (!(/inactiveDate pr) or /inactiveDate ge "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", + }, + "taskState": { + "completed": "/activateAccount/task-completed", + "started": "/activateAccount/task-started", }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, }, - "d3d94468-02a4-3259-b55d-38e6d163e820": { - "connections": { - "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "active" }]; + +logger.debug("Performing Activate Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", }, - "displayName": "Account Lockout", - "nodeType": "AccountLockoutNode", - "x": 0, - "y": 0, }, + "waitForCompletion": false, }, - "uiConfig": {}, + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", }, - }, - }, -} -`; + "schedule/taskscan_expire": { + "_id": "schedule/taskscan_expire", + "concurrentExecution": false, + "enabled": false, + "invokeContext": { + "numberOfThreads": 5, + "scan": { + "_queryFilter": "((/inactiveDate lt "\${Time.nowWithOffset}") AND (!(/activeDate pr) or /activeDate le "\${Time.nowWithOffset}"))", + "object": "managed/user", + "recovery": { + "timeout": "10m", + }, + "taskState": { + "completed": "/expireAccount/task-completed", + "started": "/expireAccount/task-started", + }, + }, + "task": { + "script": { + "globals": {}, + "source": "var patch = [{ "operation" : "replace", "field" : "/accountStatus", "value" : "inactive" }]; -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/journey/Test-Tree.journey.json 1`] = ` -{ - "meta": Any, - "trees": { - "Test Tree": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": {}, - "nodes": { - "0254ab35-daea-40db-9a53-44fc06715e48": { - "_id": "0254ab35-daea-40db-9a53-44fc06715e48", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", +logger.debug("Performing Expire Account Task on {} ({})", input.mail, objectID); + +openidm.patch(objectID, null, patch); true;", + "type": "text/javascript", }, - ], - "_type": { - "_id": "PasswordCollectorNode", - "collection": true, - "name": "Password Collector", }, + "waitForCompletion": false, }, + "invokeService": "taskscanner", + "persisted": true, + "repeatInterval": 86400000, + "type": "simple", }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "Test Tree", - "enabled": true, - "entryNodeId": "0254ab35-daea-40db-9a53-44fc06715e48", - "innerTreeOnly": false, - "nodes": { - "0254ab35-daea-40db-9a53-44fc06715e48": { - "connections": { - "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Password Collector", - "nodeType": "PasswordCollectorNode", - "x": 150, - "y": 20, + "scheduler": { + "_id": "scheduler", + "scheduler": { + "executePersistentSchedules": { + "$bool": "&{openidm.scheduler.execute.persistent.schedules}", }, }, - "staticNodes": { - "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { - "x": 447, - "y": 49, - }, - "e301438c-0bd0-429c-ab0c-66126501069a": { - "x": 577, - "y": 71, - }, - "startNode": { - "x": 50, - "y": 25, - }, + "threadPool": { + "threadCount": 10, }, - "uiConfig": {}, - }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/policyset/oauth2Scopes.policyset.json 1`] = ` -{ - "meta": Any, - "policyset": { - "oauth2Scopes": { - "applicationType": "iPlanetAMWebAgentService", - "attributeNames": [], - "conditions": [ - "Script", - "AMIdentityMembership", - "IPv6", - "SimpleTime", - "IPv4", - "LEAuthLevel", - "LDAPFilter", - "AuthScheme", - "Session", - "AND", - "AuthenticateToRealm", - "ResourceEnvIP", - "SessionProperty", - "OAuth2Scope", - "OR", - "Transaction", - "NOT", - "AuthLevel", - "AuthenticateToService", - ], - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1578580064992, - "description": "The built-in Application used by the OAuth2 scope authorization process.", - "displayName": "Default OAuth2 Scopes Policy Set", - "editable": true, - "entitlementCombiner": "DenyOverride", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509790191, - "name": "oauth2Scopes", - "resourceComparator": null, - "resourceTypeUuids": [ - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - ], - "saveIndex": null, - "searchIndex": null, - "subjects": [ - "AuthenticatedUsers", - "NOT", - "Identity", - "OR", - "AND", - "NONE", - "JwtClaim", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { - "actions": { - "GRANT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030586, - "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509790156, - "name": "OAuth2 Scope", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - "*", - ], - "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/resourcetype/URL.resourcetype.json 1`] = ` -{ - "meta": Any, - "resourcetype": { - "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { - "actions": { - "DELETE": true, - "GET": true, - "HEAD": true, - "OPTIONS": true, - "PATCH": true, - "POST": true, - "PUT": true, - }, - "createdBy": "id=dsameuser,ou=user,ou=am-config", - "creationDate": 1595479030487, - "description": "The built-in URL Resource Type available to OpenAM Policies.", - "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", - "lastModifiedDate": 1728509790171, - "name": "URL", - "patterns": [ - "*://*:*/*", - "*://*:*/*?*", - ], - "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-keystore.secretstore.json 1`] = ` -{ - "meta": Any, - "secretstore": { - "default-keystore": { - "_id": "default-keystore", - "_type": { - "_id": "KeyStoreSecretStore", - "collection": true, - "name": "Keystore", - }, - "file": "/home/prestonhales/am/security/keystores/keystore.jceks", - "keyEntryPassword": "entrypass", - "leaseExpiryDuration": 5, - "mappings": [], - "providerName": "SunJCE", - "storePassword": "storepass", - "storetype": "JCEKS", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/secretstore/default-passwords-store.secretstore.json 1`] = ` -{ - "meta": Any, - "secretstore": { - "default-passwords-store": { - "_id": "default-passwords-store", - "_type": { - "_id": "FileSystemSecretStore", - "collection": true, - "name": "File System Secret Volumes", }, - "directory": "/home/prestonhales/am/security/secrets/encrypted", - "format": "ENCRYPTED_PLAIN", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/SocialIdentityProviders.service.json 1`] = ` -{ - "meta": Any, - "service": { - "SocialIdentityProviders": { - "_id": "", - "_type": { - "_id": "SocialIdentityProviders", - "collection": false, - "name": "Social Identity Provider Service", - }, - "enabled": true, - "location": "/first/second", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/id-repositories.service.json 1`] = ` -{ - "meta": Any, - "service": { - "id-repositories": { - "_id": "", - "_type": { - "_id": "id-repositories", - "collection": false, - "name": "sunIdentityRepositoryService", - }, - "location": "/first/second", - "nextDescendents": [ - { - "_id": "embedded", - "_type": { - "_id": "LDAPv3ForOpenDS", - "collection": true, - "name": "OpenDJ", - }, - "authentication": { - "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", - }, - "cachecontrol": { - "sun-idrepo-ldapv3-dncache-enabled": true, - "sun-idrepo-ldapv3-dncache-size": 1500, - }, - "errorhandling": { - "com.iplanet.am.ldap.connection.delay.between.retries": 1000, - }, - "groupconfig": { - "sun-idrepo-ldapv3-config-group-attributes": [ - "dn", - "cn", - "uniqueMember", - "objectclass", - ], - "sun-idrepo-ldapv3-config-group-container-name": "ou", - "sun-idrepo-ldapv3-config-group-container-value": "groups", - "sun-idrepo-ldapv3-config-group-objectclass": [ - "top", - "groupofuniquenames", - ], - "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", - "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", - "sun-idrepo-ldapv3-config-memberurl": "memberUrl", - "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", - }, - "ldapsettings": { - "openam-idrepo-ldapv3-affinity-level": "all", - "openam-idrepo-ldapv3-behera-support-enabled": true, - "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, - "openam-idrepo-ldapv3-heartbeat-interval": 10, - "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", - "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", - "openam-idrepo-ldapv3-mtls-enabled": false, - "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, - "openam-idrepo-ldapv3-proxied-auth-enabled": false, - "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", - "sun-idrepo-ldapv3-config-authpw": null, - "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", - "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, - "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, - "sun-idrepo-ldapv3-config-ldap-server": [ - "localhost:50636", - "localhost:50636|01", - ], - "sun-idrepo-ldapv3-config-max-result": 1000, - "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", - "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-time-limit": 10, - "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + "script": { + "ECMAScript": { + "javascript.optimization.level": 9, + "javascript.recompile.minimumInterval": 60000, + }, + "Groovy": { + "#groovy.disabled.global.ast.transformations": "", + "#groovy.errors.tolerance": 10, + "#groovy.output.debug": false, + "#groovy.output.verbose": false, + "#groovy.script.base": "#any class extends groovy.lang.Script", + "#groovy.script.extension": ".groovy", + "#groovy.target.bytecode": "1.8", + "#groovy.target.directory": "&{idm.data.dir}/classes", + "#groovy.target.indy": true, + "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", + "groovy.classpath": "&{idm.install.dir}/lib", + "groovy.recompile": true, + "groovy.recompile.minimumInterval": 60000, + "groovy.source.encoding": "UTF-8", + }, + "_id": "script", + "properties": {}, + "sources": { + "default": { + "directory": "&{idm.install.dir}/bin/defaults/script", }, - "persistentsearch": { - "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", - "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", - "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + "install": { + "directory": "&{idm.install.dir}", }, - "pluginconfig": { - "sunIdRepoAttributeMapping": [], - "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", - "sunIdRepoSupportedOperations": [ - "realm=read,create,edit,delete,service", - "user=read,create,edit,delete,service", - "group=read,create,edit,delete", - ], + "project": { + "directory": "&{idm.instance.dir}", }, - "userconfig": { - "sun-idrepo-ldapv3-config-active": "Active", - "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ - "kbaInfoAttempts", - ], - "sun-idrepo-ldapv3-config-auth-kba-attr": [ - "kbaInfo", - ], - "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", - "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ - "cn", - "sn", - ], - "sun-idrepo-ldapv3-config-inactive": "Inactive", - "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", - "sun-idrepo-ldapv3-config-people-container-name": "ou", - "sun-idrepo-ldapv3-config-people-container-value": "people", - "sun-idrepo-ldapv3-config-user-attributes": [ - "iplanet-am-auth-configuration", - "iplanet-am-user-alias-list", - "iplanet-am-user-password-reset-question-answer", - "mail", - "assignedDashboard", - "authorityRevocationList", - "dn", - "iplanet-am-user-password-reset-options", - "employeeNumber", - "createTimestamp", - "kbaActiveIndex", - "caCertificate", - "iplanet-am-session-quota-limit", - "iplanet-am-user-auth-config", - "sun-fm-saml2-nameid-infokey", - "sunIdentityMSISDNNumber", - "iplanet-am-user-password-reset-force-reset", - "sunAMAuthInvalidAttemptsData", - "devicePrintProfiles", - "givenName", - "iplanet-am-session-get-valid-sessions", - "objectClass", - "adminRole", - "inetUserHttpURL", - "lastEmailSent", - "iplanet-am-user-account-life", - "postalAddress", - "userCertificate", - "preferredtimezone", - "iplanet-am-user-admin-start-dn", - "boundDevices", - "oath2faEnabled", - "preferredlanguage", - "sun-fm-saml2-nameid-info", - "userPassword", - "iplanet-am-session-service-status", - "telephoneNumber", - "iplanet-am-session-max-idle-time", - "distinguishedName", - "iplanet-am-session-destroy-sessions", - "kbaInfoAttempts", - "modifyTimestamp", - "uid", - "iplanet-am-user-success-url", - "iplanet-am-user-auth-modules", - "kbaInfo", - "memberOf", - "sn", - "preferredLocale", - "manager", - "iplanet-am-session-max-session-time", - "deviceProfiles", - "cn", - "oathDeviceProfiles", - "webauthnDeviceProfiles", - "iplanet-am-user-login-status", - "pushDeviceProfiles", - "push2faEnabled", - "inetUserStatus", - "retryLimitNodeCount", - "iplanet-am-user-failure-url", - "iplanet-am-session-max-caching-time", - ], - "sun-idrepo-ldapv3-config-user-objectclass": [ - "iplanet-am-managed-person", - "inetuser", - "sunFMSAML2NameIdentifier", - "inetorgperson", - "devicePrintProfilesContainer", - "boundDevicesContainer", - "iplanet-am-user-service", - "iPlanetPreferences", - "pushDeviceProfilesContainer", - "forgerock-am-dashboard-service", - "organizationalperson", - "top", - "kbaInfoContainer", - "person", - "sunAMAuthAccountLockout", - "oathDeviceProfilesContainer", - "webauthnDeviceProfilesContainer", - "iplanet-am-auth-configuration-service", - "deviceProfilesContainer", - ], - "sun-idrepo-ldapv3-config-users-search-attribute": "uid", - "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + "project-script": { + "directory": "&{idm.instance.dir}/script", }, }, - ], - "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", - "sunIdRepoAttributeValidator": [ - "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", - "minimumPasswordLength=8", - "usernameInvalidChars=*|(|)|&|!", - ], - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/oauth-oidc.service.json 1`] = ` -{ - "meta": Any, - "service": { - "oauth-oidc": { - "_id": "", - "_type": { - "_id": "oauth-oidc", - "collection": false, - "name": "OAuth2 Provider", - }, - "advancedOAuth2Config": { - "allowClientCredentialsInTokenRequestQueryParameters": false, - "allowedAudienceValues": [], - "authenticationAttributes": [ - "uid", - ], - "codeVerifierEnforced": "false", - "defaultScopes": [], - "displayNameAttribute": "cn", - "expClaimRequiredInRequestObject": false, - "grantTypes": [ - "implicit", - "urn:ietf:params:oauth:grant-type:saml2-bearer", - "refresh_token", - "password", - "client_credentials", - "urn:ietf:params:oauth:grant-type:device_code", - "authorization_code", - "urn:openid:params:grant-type:ciba", - "urn:ietf:params:oauth:grant-type:uma-ticket", - "urn:ietf:params:oauth:grant-type:token-exchange", - "urn:ietf:params:oauth:grant-type:jwt-bearer", - ], - "hashSalt": "changeme", - "includeSubnameInTokenClaims": true, - "macaroonTokenFormat": "V2", - "maxAgeOfRequestObjectNbfClaim": 0, - "maxDifferenceBetweenRequestObjectNbfAndExp": 0, - "moduleMessageEnabledInPasswordGrant": false, - "nbfClaimRequiredInRequestObject": false, - "parRequestUriLifetime": 90, - "passwordGrantAuthService": "[Empty]", - "persistentClaims": [], - "refreshTokenGracePeriod": 0, - "requestObjectProcessing": "OIDC", - "requirePushedAuthorizationRequests": false, - "responseTypeClasses": [ - "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", - "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", - "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", - ], - "supportedScopes": [], - "supportedSubjectTypes": [ - "public", - "pairwise", - ], - "tlsCertificateBoundAccessTokensEnabled": true, - "tlsCertificateRevocationCheckingEnabled": false, - "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", - "tokenCompressionEnabled": false, - "tokenEncryptionEnabled": false, - "tokenExchangeClasses": [ - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", - "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", - ], - "tokenSigningAlgorithm": "HS256", - "tokenValidatorClasses": [ - "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", - "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", - ], }, - "advancedOIDCConfig": { - "alwaysAddClaimsToToken": false, - "amrMappings": {}, - "authorisedIdmDelegationClients": [], - "authorisedOpenIdConnectSSOClients": [], - "claimsParameterSupported": false, - "defaultACR": [], - "idTokenInfoClientAuthenticationEnabled": true, - "includeAllKtyAlgCombinationsInJwksUri": false, - "loaMapping": {}, - "storeOpsTokens": true, - "supportedAuthorizationResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedAuthorizationResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedAuthorizationResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRequestParameterEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRequestParameterEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRequestParameterSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenEndpointAuthenticationSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedTokenIntrospectionResponseEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedTokenIntrospectionResponseSigningAlgorithms": [ - "PS384", - "RS384", - "EdDSA", - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedUserInfoEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedUserInfoEncryptionEnc": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedUserInfoSigningAlgorithms": [ - "ES384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", + "secrets": { + "_id": "secrets", + "stores": [ + { + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", + "config": { + "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", + "mappings": [ + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.default", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.config.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.password.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.https.keystore.cert.alias|openidm-localhost}", + ], + "secretId": "idm.jwt.session.module.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}", + ], + "secretId": "idm.jwt.session.module.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "selfservice", + ], + "secretId": "idm.selfservice.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}", + ], + "secretId": "idm.selfservice.signing", + "types": [ + "SIGN", + "VERIFY", + ], + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + ], + "secretId": "idm.assignment.attribute.encryption", + "types": [ + "ENCRYPT", + "DECRYPT", + ], + }, + ], + "providerName": "&{openidm.keystore.provider|SunJCE}", + "storePassword": "&{openidm.keystore.password|changeit}", + "storetype": "&{openidm.keystore.type|JCEKS}", + }, + "name": "mainKeyStore", + }, + { + "class": "org.forgerock.openidm.secrets.config.KeyStoreSecretStore", + "config": { + "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", + "mappings": [], + "providerName": "&{openidm.truststore.provider|SUN}", + "storePassword": "&{openidm.truststore.password|changeit}", + "storetype": "&{openidm.truststore.type|JKS}", + }, + "name": "mainTrustStore", + }, ], - "useForceAuthnForMaxAge": false, - "useForceAuthnForPromptLogin": false, }, - "cibaConfig": { - "cibaAuthReqIdLifetime": 600, - "cibaMinimumPollingInterval": 2, - "supportedCibaSigningAlgorithms": [ - "ES256", - "PS256", - ], + "selfservice.kba": { + "_id": "selfservice.kba", + "kbaPropertyName": "kbaInfo", + "minimumAnswersToDefine": 2, + "minimumAnswersToVerify": 1, + "questions": { + "1": { + "en": "What's your favorite color?", + "en_GB": "What is your favourite colour?", + "fr": "Quelle est votre couleur préférée?", + }, + "2": { + "en": "Who was your first employer?", + }, + }, }, - "clientDynamicRegistrationConfig": { - "allowDynamicRegistration": false, - "dynamicClientRegistrationScope": "dynamic_client_registration", - "dynamicClientRegistrationSoftwareStatementRequired": false, - "generateRegistrationAccessTokens": true, - "requiredSoftwareStatementAttestedAttributes": [ - "redirect_uris", + "selfservice.propertymap": { + "_id": "selfservice.propertymap", + "properties": [ + { + "source": "givenName", + "target": "givenName", + }, + { + "source": "familyName", + "target": "sn", + }, + { + "source": "email", + "target": "mail", + }, + { + "condition": "/object/postalAddress pr", + "source": "postalAddress", + "target": "postalAddress", + }, + { + "condition": "/object/addressLocality pr", + "source": "addressLocality", + "target": "city", + }, + { + "condition": "/object/addressRegion pr", + "source": "addressRegion", + "target": "stateProvince", + }, + { + "condition": "/object/postalCode pr", + "source": "postalCode", + "target": "postalCode", + }, + { + "condition": "/object/country pr", + "source": "country", + "target": "country", + }, + { + "condition": "/object/phone pr", + "source": "phone", + "target": "telephoneNumber", + }, + { + "source": "username", + "target": "userName", + }, ], }, - "consent": { - "clientsCanSkipConsent": false, - "enableRemoteConsent": false, - "supportedRcsRequestEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsRequestEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsRequestSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", - ], - "supportedRcsResponseEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "ECDH-ES+A128KW", - "RSA-OAEP", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedRcsResponseEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", - ], - "supportedRcsResponseSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", + "selfservice.terms": { + "_id": "selfservice.terms", + "active": "0.0", + "uiConfig": { + "buttonText": "Accept", + "displayName": "We've updated our terms", + "purpose": "You must accept the updated terms in order to proceed.", + }, + "versions": [ + { + "createDate": "2019-10-28T04:20:11.320Z", + "termsTranslations": { + "en": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.", + }, + "version": "0.0", + }, ], }, - "coreOAuth2Config": { - "accessTokenLifetime": 3600, - "accessTokenMayActScript": "[Empty]", - "codeLifetime": 120, - "issueRefreshToken": true, - "issueRefreshTokenOnRefreshedToken": true, - "macaroonTokensEnabled": false, - "oidcMayActScript": "[Empty]", - "refreshTokenLifetime": 604800, - "scopesPolicySet": "oauth2Scopes", - "statelessTokensEnabled": false, - "usePolicyEngineForScope": false, - }, - "coreOIDCConfig": { - "jwtTokenLifetime": 3600, - "oidcDiscoveryEndpointEnabled": false, - "overrideableOIDCClaims": [], - "supportedClaims": [], - "supportedIDTokenEncryptionAlgorithms": [ - "ECDH-ES+A256KW", - "ECDH-ES+A192KW", - "RSA-OAEP", - "ECDH-ES+A128KW", - "RSA-OAEP-256", - "A128KW", - "A256KW", - "ECDH-ES", - "dir", - "A192KW", - ], - "supportedIDTokenEncryptionMethods": [ - "A256GCM", - "A192GCM", - "A128GCM", - "A128CBC-HS256", - "A192CBC-HS384", - "A256CBC-HS512", + "servletfilter/cors": { + "_id": "servletfilter/cors", + "filterClass": "org.eclipse.jetty.ee10.servlets.CrossOriginFilter", + "initParams": { + "allowCredentials": true, + "allowedHeaders": "accept,x-openidm-password,x-openidm-nosession,x-openidm-username,content-type,origin,x-requested-with", + "allowedMethods": "GET,POST,PUT,DELETE,PATCH", + "allowedOrigins": "https://localhost:&{openidm.port.https}", + "chainPreflight": false, + }, + "urlPatterns": [ + "/*", ], - "supportedIDTokenSigningAlgorithms": [ - "PS384", - "ES384", - "RS384", - "HS256", - "HS512", - "ES256", - "RS256", - "HS384", - "ES512", - "PS256", - "PS512", - "RS512", + }, + "servletfilter/payload": { + "_id": "servletfilter/payload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", + "initParams": { + "maxRequestSizeInMegabytes": 5, + }, + "urlPatterns": [ + "&{openidm.servlet.alias}/*", ], }, - "deviceCodeConfig": { - "deviceCodeLifetime": 300, - "devicePollInterval": 5, - "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", - "deviceUserCodeLength": 8, + "servletfilter/upload": { + "_id": "servletfilter/upload", + "filterClass": "org.forgerock.openidm.jetty.LargePayloadServletFilter", + "initParams": { + "maxRequestSizeInMegabytes": 50, + }, + "urlPatterns": [ + "&{openidm.servlet.upload.alias}/*", + ], }, - "location": "/first/second", - "nextDescendents": [], - "pluginsConfig": { - "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", - "accessTokenModificationPluginType": "SCRIPTED", - "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", - "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", - "authorizeEndpointDataProviderPluginType": "JAVA", - "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", - "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", - "evaluateScopePluginType": "JAVA", - "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", - "oidcClaimsPluginType": "SCRIPTED", - "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", - "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", - "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", - "validateScopePluginType": "JAVA", - "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + "ui.context/admin": { + "_id": "ui.context/admin", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/admin/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/admin/extension", + "responseHeaders": { + "X-Frame-Options": "SAMEORIGIN", + }, + "urlContextRoot": "/admin", }, - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/service/policyconfiguration.service.json 1`] = ` -{ - "meta": Any, - "service": { - "policyconfiguration": { - "_id": "", - "_type": { - "_id": "policyconfiguration", - "collection": false, - "name": "Policy Configuration", + "ui.context/api": { + "_id": "ui.context/api", + "authEnabled": true, + "cacheEnabled": false, + "defaultDir": "&{idm.install.dir}/ui/api/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/api/extension", + "urlContextRoot": "/api", }, - "bindDn": "cn=Directory Manager", - "bindPassword": null, - "checkIfResourceTypeExists": true, - "connectionPoolMaximumSize": 10, - "connectionPoolMinimumSize": 1, - "ldapServer": [ - "localhost:50636", - ], - "location": "/first/second", - "maximumSearchResults": 100, - "mtlsEnabled": false, - "nextDescendents": [], - "policyHeartbeatInterval": 10, - "policyHeartbeatTimeUnit": "SECONDS", - "realmSearchFilter": "(objectclass=sunismanagedorganization)", - "searchTimeout": 5, - "sslEnabled": true, - "subjectsResultTTL": 10, - "userAliasEnabled": false, - "usersBaseDn": "dc=openam,dc=forgerock,dc=org", - "usersSearchAttribute": "uid", - "usersSearchFilter": "(objectclass=inetorgperson)", - "usersSearchScope": "SCOPE_SUB", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectAttributes/undefined.subjectAttributes.json 1`] = ` -{ - "meta": Any, - "subjectAttributes": { - "undefined": "iplanet-am-user-login-status", - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AND.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AND": { - "_id": "AND", - "config": { - "properties": { - "subjects": { - "type": "array", - }, + "ui.context/enduser": { + "_id": "ui.context/enduser", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/enduser", + "enabled": true, + "responseHeaders": { + "X-Frame-Options": "DENY", }, - "type": "object", + "urlContextRoot": "/", }, - "logical": true, - "title": "AND", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/AuthenticatedUsers.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "AuthenticatedUsers": { - "_id": "AuthenticatedUsers", - "config": { - "properties": {}, - "type": "object", + "ui.context/oauth": { + "_id": "ui.context/oauth", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/oauth/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/oauth/extension", + "urlContextRoot": "/oauthReturn", }, - "logical": false, - "title": "AuthenticatedUsers", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Identity.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Identity": { - "_id": "Identity", - "config": { - "properties": { - "subjectValues": { - "items": { - "type": "string", + "ui/configuration": { + "_id": "ui/configuration", + "configuration": { + "defaultNotificationType": "info", + "forgotUsername": false, + "lang": "en", + "notificationTypes": { + "error": { + "iconPath": "images/notifications/error.png", + "name": "common.notification.types.error", }, - "type": "array", + "info": { + "iconPath": "images/notifications/info.png", + "name": "common.notification.types.info", + }, + "warning": { + "iconPath": "images/notifications/warning.png", + "name": "common.notification.types.warning", + }, + }, + "passwordReset": false, + "passwordResetLink": "", + "roles": { + "internal/role/openidm-admin": "ui-admin", + "internal/role/openidm-authorized": "ui-user", }, + "selfRegistration": false, }, - "type": "object", }, - "logical": false, - "title": "Identity", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/JwtClaim.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "JwtClaim": { - "_id": "JwtClaim", - "config": { - "properties": { - "claimName": { - "type": "string", + "ui/dashboard": { + "_id": "ui/dashboard", + "adminDashboards": [ + { + "isDefault": true, + "name": "Quick Start", + "widgets": [ + { + "cards": [ + { + "href": "#connectors/add/", + "icon": "fa-database", + "name": "Add Connector", + }, + { + "href": "#mapping/add/", + "icon": "fa-map-marker", + "name": "Create Mapping", + }, + { + "href": "#resource/managed/role/list/", + "icon": "fa-check-square-o", + "name": "Manage Roles", + }, + { + "href": "#managed/add/", + "icon": "fa-tablet", + "name": "Add Device", + }, + { + "href": "#selfservice/userregistration/", + "icon": "fa-gear", + "name": "Configure Registration", + }, + { + "href": "#selfservice/passwordreset/", + "icon": "fa-gear", + "name": "Configure Password Reset", + }, + { + "href": "#resource/managed/user/list/", + "icon": "fa-user", + "name": "Manage Users", + }, + { + "href": "#settings/", + "icon": "fa-user", + "name": "Configure System Preferences", + }, + ], + "size": "large", + "type": "quickStart", + }, + ], }, - "claimValue": { - "type": "string", + { + "isDefault": false, + "name": "System Monitoring", + "widgets": [ + { + "legendRange": { + "month": [ + 500, + 2500, + 5000, + ], + "week": [ + 10, + 30, + 90, + 270, + 810, + ], + "year": [ + 10000, + 40000, + 100000, + 250000, + ], + }, + "maxRange": "#24423c", + "minRange": "#b0d4cd", + "size": "large", + "type": "audit", + }, + { + "size": "large", + "type": "clusterStatus", + }, + { + "size": "large", + "type": "systemHealthFull", + }, + { + "barchart": "false", + "size": "large", + "type": "lastRecon", + }, + ], }, - }, - "type": "object", - }, - "logical": false, - "title": "JwtClaim", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NONE.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NONE": { - "_id": "NONE", - "config": { - "properties": {}, - "type": "object", - }, - "logical": false, - "title": "NONE", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/NOT.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "NOT": { - "_id": "NOT", - "config": { - "properties": { - "subject": { - "properties": {}, - "type": "object", + { + "isDefault": false, + "name": "Resource Report", + "widgets": [ + { + "selected": "activeUsers", + "size": "x-small", + "type": "counter", + }, + { + "selected": "rolesEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "activeConnectors", + "size": "x-small", + "type": "counter", + }, + { + "size": "large", + "type": "resourceList", + }, + ], + }, + { + "isDefault": false, + "name": "Business Report", + "widgets": [ + { + "graphType": "fa-pie-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "signIns", + "widgetTitle": "Sign-Ins", + }, + { + "graphType": "fa-bar-chart", + "size": "x-small", + "type": "passwordResets", + "widgetTitle": "Password Resets", + }, + { + "graphType": "fa-line-chart", + "providers": [ + "Username/Password", + ], + "size": "x-small", + "type": "newRegistrations", + "widgetTitle": "New Registrations", + }, + { + "size": "x-small", + "timezone": { + "hours": "07", + "minutes": "00", + "negative": true, + }, + "type": "socialLogin", + }, + { + "selected": "socialEnabled", + "size": "x-small", + "type": "counter", + }, + { + "selected": "manualRegistrations", + "size": "x-small", + "type": "counter", + }, + ], + }, + { + "isDefault": false, + "name": "seantestdashboard", + "widgets": [ + { + "size": "large", + "type": "resourceList", + }, + ], }, + ], + "dashboard": { + "widgets": [ + { + "size": "large", + "type": "Welcome", + }, + ], }, - "type": "object", }, - "logical": true, - "title": "NOT", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/OR.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "OR": { - "_id": "OR", - "config": { - "properties": { - "subjects": { - "type": "array", + "ui/profile": { + "_id": "ui/profile", + "tabs": [ + { + "name": "personalInfoTab", + "view": "org/forgerock/openidm/ui/user/profile/personalInfo/PersonalInfoTab", }, - }, - "type": "object", + { + "name": "signInAndSecurity", + "view": "org/forgerock/openidm/ui/user/profile/signInAndSecurity/SignInAndSecurityTab", + }, + { + "name": "preference", + "view": "org/forgerock/openidm/ui/user/profile/PreferencesTab", + }, + { + "name": "trustedDevice", + "view": "org/forgerock/openidm/ui/user/profile/TrustedDevicesTab", + }, + { + "name": "oauthApplication", + "view": "org/forgerock/openidm/ui/user/profile/OauthApplicationsTab", + }, + { + "name": "privacyAndConsent", + "view": "org/forgerock/openidm/ui/user/profile/PrivacyAndConsentTab", + }, + { + "name": "sharing", + "view": "org/forgerock/openidm/ui/user/profile/uma/SharingTab", + }, + { + "name": "auditHistory", + "view": "org/forgerock/openidm/ui/user/profile/uma/ActivityTab", + }, + { + "name": "accountControls", + "view": "org/forgerock/openidm/ui/user/profile/accountControls/AccountControlsTab", + }, + ], }, - "logical": true, - "title": "OR", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/subjectTypes/Policy.subjectTypes.json 1`] = ` -{ - "meta": Any, - "subjectTypes": { - "Policy": { - "_id": "Policy", - "config": { - "properties": { - "className": { - "type": "string", + "ui/themeconfig": { + "_id": "ui/themeconfig", + "icon": "favicon.ico", + "path": "", + "settings": { + "footer": { + "mailto": "info@pingidentity.com", }, - "name": { - "type": "string", + "loginLogo": { + "alt": "Ping Identity", + "height": "120px", + "src": "images/login-logo-dark.png", + "title": "Ping Identity", + "width": "120px", }, - "values": { - "items": { - "type": "string", - }, - "type": "array", + "logo": { + "alt": "Ping Identity", + "src": "images/logo-horizontal-white.png", + "title": "Ping Identity", }, }, - "type": "object", + "stylesheets": [ + "css/bootstrap-3.4.1-custom.css", + "css/structure.css", + "css/theme.css", + ], }, - "logical": false, - "title": "Policy", - }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/webhookService/webhooks.webhookService.json 1`] = ` -{ - "meta": Any, - "webhookService": { - "webhooks": { - "_id": "webhooks", - "_type": { - "_id": "webhooks", - "collection": true, - "name": "Webhook Service", + "webserver": { + "_id": "webserver", + "gzip": { + "enabled": true, + "includedMethods": [ + "GET", + ], + }, + "maxThreads": { + "$int": "&{openidm.webserver.max.threads|&{org.ops4j.pax.web.server.maxThreads|200}}", + }, }, - "headers": { - "accept": "*/*", + "webserver.listener/http": { + "_id": "webserver.listener/http", + "enabled": { + "$bool": "&{openidm.http.enabled|true}", + }, + "port": { + "$int": "&{openidm.port.http|8080}", + }, + }, + "webserver.listener/https": { + "_id": "webserver.listener/https", + "enabled": { + "$bool": "&{openidm.https.enabled|true}", + }, + "port": { + "$int": "&{openidm.port.https|8443}", + }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", + }, + "webserver.listener/mutualAuth": { + "_id": "webserver.listener/mutualAuth", + "enabled": { + "$bool": "&{openidm.mutualauth.enabled|true}", + }, + "mutualAuth": true, + "port": { + "$int": "&{openidm.port.mutualauth|8444}", + }, + "secure": true, + "sslCertAlias": "&{openidm.https.keystore.cert.alias|openidm-localhost}", }, }, - }, -} -`; - -exports[`frodo config export "frodo config export -RAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts extracted and mappings separate: exportAllTestDir7/realm/root-first-second/wsEntity/ws.wsEntity.json 1`] = ` -{ - "meta": Any, - "wsEntity": { - "ws": { - "_id": "ws", - "_type": { - "_id": "ws", - "collection": true, - "name": "Entity Descriptor ", + "internalRole": { + "openidm-admin": { + "_id": "openidm-admin", + "condition": null, + "description": "Administrative access", + "name": "openidm-admin", + "privileges": [], + "temporalConstraints": [], + }, + "openidm-authorized": { + "_id": "openidm-authorized", + "condition": null, + "description": "Basic minimum user", + "name": "openidm-authorized", + "privileges": [], + "temporalConstraints": [], + }, + "openidm-cert": { + "_id": "openidm-cert", + "condition": null, + "description": "Authenticated via certificate", + "name": "openidm-cert", + "privileges": [], + "temporalConstraints": [], + }, + "openidm-reg": { + "_id": "openidm-reg", + "condition": null, + "description": "Anonymous access", + "name": "openidm-reg", + "privileges": [], + "temporalConstraints": [], + }, + "openidm-tasks-manager": { + "_id": "openidm-tasks-manager", + "condition": null, + "description": "Allowed to reassign workflow tasks", + "name": "openidm-tasks-manager", + "privileges": [], + "temporalConstraints": [], + }, + "platform-provisioning": { + "_id": "platform-provisioning", + "condition": null, + "description": "Platform provisioning access", + "name": "platform-provisioning", + "privileges": [], + "temporalConstraints": [], }, }, + "mapping": {}, + "server": null, + "sync": { + "_id": "sync", + "mappings": [ + { + "_id": "sync/managedOrganization_managedRole", + "consentRequired": false, + "displayName": "managedOrganization_managedRole", + "icon": null, + "name": "managedOrganization_managedRole", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/organization", + "syncAfter": [], + "target": "managed/role", + }, + { + "_id": "sync/seantestmapping", + "consentRequired": false, + "displayName": "seantestmapping", + "icon": null, + "name": "seantestmapping", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/assignment", + "syncAfter": [ + "managedOrganization_managedRole", + ], + "target": "managed/organization", + }, + { + "_id": "sync/managedSeantestmanagedobject_managedUser", + "consentRequired": false, + "displayName": "managedSeantestmanagedobject_managedUser", + "icon": null, + "name": "managedSeantestmanagedobject_managedUser", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT", + }, + { + "action": "ASYNC", + "situation": "ALL_GONE", + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS", + }, + { + "action": "ASYNC", + "situation": "CONFIRMED", + }, + { + "action": "ASYNC", + "situation": "FOUND", + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED", + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY", + }, + { + "action": "ASYNC", + "situation": "MISSING", + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED", + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING", + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED", + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED", + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED", + }, + ], + "properties": [], + "source": "managed/seantestmanagedobject", + "syncAfter": [ + "managedOrganization_managedRole", + "seantestmapping", + ], + "target": "managed/user", + }, + ], + }, }, + "meta": Any, + "realm": {}, } `; @@ -480325,18 +492484,444 @@ return identity "connections": { "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 0, + "y": 0, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + "x": 0, + "y": 0, + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 0, + "y": 0, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0, + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + "x": 0, + "y": 0, + }, + }, + "uiConfig": {}, + }, + }, + "RetryLimit": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + "x": 0, + "y": 0, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 0, + "y": 0, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + "x": 0, + "y": 0, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", "x": 0, "y": 0, }, - "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "d3d94468-02a4-3259-b55d-38e6d163e820": { "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", "x": 0, "y": 0, }, @@ -480344,697 +492929,3030 @@ return identity "uiConfig": {}, }, }, - "PlatformUpdatePassword": { - "circlesOfTrust": {}, - "emailTemplates": {}, - "innerNodes": { - "735b90b4-5681-35ed-ac3f-678819b6e058": { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": false, - }, - "7cbbc409-ec99-3f19-878c-75bd1e06f215": { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "ValidatedPasswordNode", - "collection": true, - "name": "Platform Password", - }, - "passwordAttribute": "password", - "validateInput": true, - }, - }, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "DataStoreDecisionNode", - "collection": true, - "name": "Data Store Decision", - }, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - "_outcomes": [ - { - "displayName": "True", - "id": "true", - }, - { - "displayName": "False", - "id": "false", - }, - ], - "_type": { - "_id": "AttributePresentDecisionNode", - "collection": true, - "name": "Attribute Present Decision", - }, - "identityAttribute": "userName", - "presentAttribute": "password", - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "EmailSuspendNode", - "collection": true, - "name": "Email Suspend Node", - }, - "emailAttribute": "mail", - "emailSuspendMessage": { - "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", - }, - "emailTemplateName": "updatePassword", - "identityAttribute": "userName", - "objectLookup": true, - }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter current password", - }, - "pageHeader": { - "en": "Verify Existing Password", - }, - "stage": "null", - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - "_outcomes": [ - { - "displayName": "Patched", - "id": "PATCHED", - }, - { - "displayName": "Failed", - "id": "FAILURE", - }, - ], - "_type": { - "_id": "PatchObjectNode", - "collection": true, - "name": "Patch Object", - }, - "identityAttribute": "userName", - "identityResource": "managed/user", - "ignoredFields": [ - "userName", - ], - "patchAsObject": true, - }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "PageNode", - "collection": true, - "name": "Page Node", - }, - "nodes": [ - { - "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", - "displayName": "Platform Password", - "nodeType": "ValidatedPasswordNode", - }, - ], - "pageDescription": { - "en": "Enter new password", - }, - "pageHeader": { - "en": "Update Password", - }, - "stage": "null", - }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "_outcomes": [ - { - "displayName": "Outcome", - "id": "outcome", - }, - ], - "_type": { - "_id": "SessionDataNode", - "collection": true, - "name": "Get Session Data", - }, - "sessionDataKey": "UserToken", - "sharedStateKey": "userName", - }, - }, - "saml2Entities": {}, - "scripts": {}, - "socialIdentityProviders": {}, - "themes": [], - "tree": { - "_id": "PlatformUpdatePassword", - "description": "Update password using active session", - "enabled": true, - "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", - "identityResource": "null", - "innerTreeOnly": false, - "nodes": { - "14bfa6bb-1487-3e45-bba0-28a21ed38046": { - "connections": { - "false": "e301438c-0bd0-429c-ab0c-66126501069a", - "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - }, - "displayName": "Data Store Decision", - "nodeType": "DataStoreDecisionNode", - "x": 0, - "y": 0, - }, - "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { - "connections": { - "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", - "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", - }, - "displayName": "Attribute Present Decision", - "nodeType": "AttributePresentDecisionNode", - "x": 0, - "y": 0, - }, - "32bb90e8-976a-3b52-98d5-da10fe66f21d": { - "connections": { - "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", - }, - "displayName": "Email Suspend", - "nodeType": "EmailSuspendNode", - "x": 0, - "y": 0, - }, - "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { - "connections": { - "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { - "connections": { - "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", - "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", - }, - "displayName": "Patch Object", - "nodeType": "PatchObjectNode", - "x": 0, - "y": 0, - }, - "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { - "connections": { - "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", - }, - "displayName": "Page Node", - "nodeType": "PageNode", - "x": 0, - "y": 0, - }, - "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { - "connections": { - "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", - }, - "displayName": "Get Session Data", - "nodeType": "SessionDataNode", - "x": 0, - "y": 0, - }, - }, - "uiConfig": {}, - }, + }, + "trustedJwtIssuer": {}, + "webhookService": { + "webhooks": { + "_id": "webhooks", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "headers": { + "accept": "*/*", + }, + }, + }, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, + }, + "root-first-second": { + "agent": {}, + "agentGroup": {}, + "application": {}, + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": true, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, + "idp": {}, + "policy": {}, + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790191, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", + ], + }, + }, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790171, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790156, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, + "saml": { + "cot": {}, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, + "script": { + "01e1a3c0-038b-4c16-956a-6c9d89328cff": { + "_id": "01e1a3c0-038b-4c16-956a-6c9d89328cff", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for a scripted decision node", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Authentication Tree Decision Node Script", + "script": "/* + - Data made available by nodes that have already executed are available in the sharedState variable. + - The script should set outcome to either "true" or "false". + */ + +outcome = "true"; +", + }, + "1244e639-4a31-401d-ab61-d75133d8dc9e": { + "_id": "1244e639-4a31-401d-ab61-d75133d8dc9e", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Normalizes raw profile data from Instagram", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Instagram Profile Normalization", + "script": "/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.id), + field("username", rawProfile.username))) +", + }, + "13e3f263-9cd3-4844-8d1c-040fd0dd02eb": { + "_id": "13e3f263-9cd3-4844-8d1c-040fd0dd02eb", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script template for Device Profile Match decision node script for Authentication Tree", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Device Profile Match Template - Decision Node Script", + "script": "/* + * Copyright 2020-2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/** ****************************************************************** + * + * The following script is a simplified template for understanding + * the basics of device matching. _This is not functionally complete._ + * For a functionally complete script as well as a development toolkit, + * visit https://github.com/ForgeRock/forgerock-device-match-script. + * + * Global node variables accessible within this scope: + * 1. \`sharedState\` provides access to incoming request + * 2. \`deviceProfilesDao\` provides access to stored profiles + * 3. \`outcome\` variable maps to auth tree node outcomes; values are + * 'true', 'false', or 'unknownDevice' (notice _all_ are strings). + * ******************************************************************/ + +/** + * Get the incoming request's device profile. + * Returns serialized JSON (type string); parsing this will result a + * native JS object. + */ +var incomingJson = sharedState.get('forgeRock.device.profile').toString(); +var incoming = JSON.parse(incomingJson); + +/** + * Get the incoming user's username and realm. + * Notice the use of \`.asString()\`. + */ +var username = sharedState.get("username").asString(); +var realm = sharedState.get("realm").asString(); + +/** + * Get the user's stored profiles for appropriate realm. + * Returns a _special_ object with methods for profile data + */ +var storedProfiles = deviceProfilesDao.getDeviceProfiles(username, realm); + +// Default to \`outcome\` of 'unknownDevice' +outcome = 'unknownDevice'; + +if (storedProfiles) { + var i = 0; + // NOTE: \`.size()\` method returns the number of stored profiles + var len = storedProfiles.size(); + + for (i; i < len; i++) { + /** + * Get the stored profile. + * Returns serialized JSON (type string); parsing this will result + * a native JS object. + */ + var storedJson = storedProfiles.get(i); + var stored = JSON.parse(storedJson); + + /** + * Find a stored profile with the same identifier. + */ + if (incoming.identifier === stored.identifier) { + + /** + * Now that you've found the appropriate profile, you will perform + * the logic here to match the values of the \`incoming\` profile + * with that of the \`stored\` profile. + * + * The result of the matching logic is assigned to \`outcome\`. Since + * we have profiles of the same identifier, the value (type string) + * should now be either 'true' or 'false' (properties matched or not). + * + * For more information about this topic, visit this Github repo: + * https://github.com/ForgeRock/forgerock-device-match-script + */ + outcome = 'false'; + } + } +} +", + }, + "157298c0-7d31-4059-a95b-eeb08473b7e5": { + "_id": "157298c0-7d31-4059-a95b-eeb08473b7e5", + "context": "AUTHENTICATION_CLIENT_SIDE", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for client side Device Id (Match) Authentication Module", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Device Id (Match) - Client Side", + "script": "var fontDetector = (function () { + /** + * JavaScript code to detect available availability of a + * particular font in a browser using JavaScript and CSS. + * + * Author : Lalit Patel + * Website: http://www.lalit.org/lab/javascript-css-font-detect/ + * License: Apache Software License 2.0 + * http://www.apache.org/licenses/LICENSE-2.0 + * Version: 0.15 (21 Sep 2009) + * Changed comparision font to default from sans-default-default, + * as in FF3.0 font of child element didn't fallback + * to parent element if the font is missing. + * Version: 0.2 (04 Mar 2012) + * Comparing font against all the 3 generic font families ie, + * 'monospace', 'sans-serif' and 'sans'. If it doesn't match all 3 + * then that font is 100% not available in the system + * Version: 0.3 (24 Mar 2012) + * Replaced sans with serif in the list of baseFonts + */ + /* + * Portions Copyrighted 2013 ForgeRock AS. + */ + var detector = {}, baseFonts, testString, testSize, h, s, defaultWidth = {}, defaultHeight = {}, index; + + // a font will be compared against all the three default fonts. + // and if it doesn't match all 3 then that font is not available. + baseFonts = ['monospace', 'sans-serif', 'serif']; + + //we use m or w because these two characters take up the maximum width. + // And we use a LLi so that the same matching fonts can get separated + testString = "mmmmmmmmmmlli"; + + //we test using 72px font size, we may use any size. I guess larger the better. + testSize = '72px'; + + h = document.getElementsByTagName("body")[0]; + + // create a SPAN in the document to get the width of the text we use to test + s = document.createElement("span"); + s.style.fontSize = testSize; + s.innerHTML = testString; + for (index in baseFonts) { + //get the default width for the three base fonts + s.style.fontFamily = baseFonts[index]; + h.appendChild(s); + defaultWidth[baseFonts[index]] = s.offsetWidth; //width for the default font + defaultHeight[baseFonts[index]] = s.offsetHeight; //height for the defualt font + h.removeChild(s); + } + + detector.detect = function(font) { + var detected = false, index, matched; + for (index in baseFonts) { + s.style.fontFamily = font + ',' + baseFonts[index]; // name of the font along with the base font for fallback. + h.appendChild(s); + matched = (s.offsetWidth !== defaultWidth[baseFonts[index]] || s.offsetHeight !== defaultHeight[baseFonts[index]]); + h.removeChild(s); + detected = detected || matched; + } + return detected; + }; + + return detector; +}()); +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved + * + * The contents of this file are subject to the terms + * of the Common Development and Distribution License + * (the License). You may not use this file except in + * compliance with the License. + * + * You can obtain a copy of the License at + * https://opensso.dev.java.net/public/CDDLv1.0.html or + * opensso/legal/CDDLv1.0.txt + * See the License for the specific language governing + * permission and limitations under the License. + * + * When distributing Covered Code, include this CDDL + * Header Notice in each file and include the License file + * at opensso/legal/CDDLv1.0.txt. + * If applicable, add the following below the CDDL Header, + * with the fields enclosed by brackets [] replaced by + * your own identifying information: + * "Portions Copyrighted [year] [name of copyright owner]" + * + */ +/* + * Portions Copyrighted 2013 Syntegrity. + * Portions Copyrighted 2013-2014 ForgeRock AS. + */ + +var collectScreenInfo = function () { + var screenInfo = {}; + if (screen) { + if (screen.width) { + screenInfo.screenWidth = screen.width; + } + + if (screen.height) { + screenInfo.screenHeight = screen.height; + } + + if (screen.pixelDepth) { + screenInfo.screenColourDepth = screen.pixelDepth; + } + } else { + console.warn("Cannot collect screen information. screen is not defined."); + } + return screenInfo; + }, + collectTimezoneInfo = function () { + var timezoneInfo = {}, offset = new Date().getTimezoneOffset(); + + if (offset) { + timezoneInfo.timezone = offset; + } else { + console.warn("Cannot collect timezone information. timezone is not defined."); + } + + return timezoneInfo; + }, + collectBrowserPluginsInfo = function () { + + if (navigator && navigator.plugins) { + var pluginsInfo = {}, i, plugins = navigator.plugins; + pluginsInfo.installedPlugins = ""; + + for (i = 0; i < plugins.length; i++) { + pluginsInfo.installedPlugins = pluginsInfo.installedPlugins + plugins[i].filename + ";"; + } + + return pluginsInfo; + } else { + console.warn("Cannot collect browser plugin information. navigator.plugins is not defined."); + return {}; + } + + }, +// Getting geolocation takes some time and is done asynchronously, hence need a callback which is called once geolocation is retrieved. + collectGeolocationInfo = function (callback) { + var geolocationInfo = {}, + successCallback = function(position) { + geolocationInfo.longitude = position.coords.longitude; + geolocationInfo.latitude = position.coords.latitude; + callback(geolocationInfo); + }, errorCallback = function(error) { + console.warn("Cannot collect geolocation information. " + error.code + ": " + error.message); + callback(geolocationInfo); + }; + if (navigator && navigator.geolocation) { + // NB: If user chooses 'Not now' on Firefox neither callback gets called + // https://bugzilla.mozilla.org/show_bug.cgi?id=675533 + navigator.geolocation.getCurrentPosition(successCallback, errorCallback); + } else { + console.warn("Cannot collect geolocation information. navigator.geolocation is not defined."); + callback(geolocationInfo); + } + }, + collectBrowserFontsInfo = function () { + var fontsInfo = {}, i, fontsList = ["cursive","monospace","serif","sans-serif","fantasy","default","Arial","Arial Black", + "Arial Narrow","Arial Rounded MT Bold","Bookman Old Style","Bradley Hand ITC","Century","Century Gothic", + "Comic Sans MS","Courier","Courier New","Georgia","Gentium","Impact","King","Lucida Console","Lalit", + "Modena","Monotype Corsiva","Papyrus","Tahoma","TeX","Times","Times New Roman","Trebuchet MS","Verdana", + "Verona"]; + fontsInfo.installedFonts = ""; + + for (i = 0; i < fontsList.length; i++) { + if (fontDetector.detect(fontsList[i])) { + fontsInfo.installedFonts = fontsInfo.installedFonts + fontsList[i] + ";"; + } + } + return fontsInfo; + }, + devicePrint = {}; + +devicePrint.screen = collectScreenInfo(); +devicePrint.timezone = collectTimezoneInfo(); +devicePrint.plugins = collectBrowserPluginsInfo(); +devicePrint.fonts = collectBrowserFontsInfo(); + +if (navigator.userAgent) { + devicePrint.userAgent = navigator.userAgent; +} +if (navigator.appName) { + devicePrint.appName = navigator.appName; +} +if (navigator.appCodeName) { + devicePrint.appCodeName = navigator.appCodeName; +} +if (navigator.appVersion) { + devicePrint.appVersion = navigator.appVersion; +} +if (navigator.appMinorVersion) { + devicePrint.appMinorVersion = navigator.appMinorVersion; +} +if (navigator.buildID) { + devicePrint.buildID = navigator.buildID; +} +if (navigator.platform) { + devicePrint.platform = navigator.platform; +} +if (navigator.cpuClass) { + devicePrint.cpuClass = navigator.cpuClass; +} +if (navigator.oscpu) { + devicePrint.oscpu = navigator.oscpu; +} +if (navigator.product) { + devicePrint.product = navigator.product; +} +if (navigator.productSub) { + devicePrint.productSub = navigator.productSub; +} +if (navigator.vendor) { + devicePrint.vendor = navigator.vendor; +} +if (navigator.vendorSub) { + devicePrint.vendorSub = navigator.vendorSub; +} +if (navigator.language) { + devicePrint.language = navigator.language; +} +if (navigator.userLanguage) { + devicePrint.userLanguage = navigator.userLanguage; +} +if (navigator.browserLanguage) { + devicePrint.browserLanguage = navigator.browserLanguage; +} +if (navigator.systemLanguage) { + devicePrint.systemLanguage = navigator.systemLanguage; +} + +// Attempt to collect geo-location information and return this with the data collected so far. +// Otherwise, if geo-location fails or takes longer than 30 seconds, auto-submit the data collected so far. +autoSubmitDelay = 30000; +output.value = JSON.stringify(devicePrint); +collectGeolocationInfo(function(geolocationInfo) { + devicePrint.geolocation = geolocationInfo; + output.value = JSON.stringify(devicePrint); + submit(); +}); +", + }, + "1d475815-72cb-42eb-aafd-4026989d28a7": { + "_id": "1d475815-72cb-42eb-aafd-4026989d28a7", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for Social Identity Provider Profile Transformation", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Social Identity Provider Profile Transformation Script", + "script": "/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* Default Social Identity Provider Profile Transformation script to use as a template for new scripts */ +", + }, + "248b8a56-df81-4b1b-b4ba-45d994f6504c": { + "_id": "248b8a56-df81-4b1b-b4ba-45d994f6504c", + "context": "SAML2_IDP_ADAPTER", + "createdBy": "null", + "creationDate": 0, + "default": true, + "description": "Default global script for SAML2 IDP Adapter", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "SAML2 IDP Adapter Script", + "script": "/* + * Copyright 2021-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * The script has these top level functions that could be executed during a SAML2 flow. + * - preSingleSignOn + * - preAuthentication + * - preSendResponse + * - preSignResponse + * - preSendFailureResponse + * + * Please see the javadoc for the interface definition and more information about these methods. + * https://backstage.forgerock.com/docs/am/7.3/_attachments/apidocs/com/sun/identity/saml2/plugins/SAML2IdentityProviderAdapter.html + * Note that the initialize method is not supported in the scripts. + * + * Defined variables. Check the documentation on the respective functions for the variables available to it. + * + * hostedEntityId - String + * Entity ID for the hosted IDP + * realm - String + * Realm of the hosted IDP + * idpAdapterScriptHelper - IdpAdapterScriptHelper (1) + * An instance of IdpAdapterScriptHelper containing helper methods. See Javadoc for more details. + * request - HttpServletRequest (2) + * Servlet request object + * response - HttpServletResponse (3) + * Servlet response object + * authnRequest - AuthnRequest (4) + * The original authentication request sent from SP + * reqId - String + * The id to use for continuation of processing if the adapter redirects + * res - Response (5) + * The SAML Response + * session - SSOToken (6) + * The single sign-on session. The reference type of this is Object and would need to be casted to SSOToken. + * relayState - String + * The relayState that will be used in the redirect + * faultCode - String + * the fault code that will be returned in the SAML response + * faultDetail - String + * the fault detail that will be returned in the SAML response + * logger - Logger instance + * https://backstage.forgerock.com/docs/am/7.3/scripting-guide/scripting-api-global-logger.html. + * Corresponding log files will be prefixed with: scripts.