WebAuthnMetadataService
Realm Operations
Resource path:
/realm-config/services/webAuthnMetadataService
Resource version: 2.0
create
Usage
am> create WebAuthnMetadataService --realm Realm --body body
Parameters
- --body
  The resource in JSON format, described by the following JSON schema:
{
  "type" : "object",
  "properties" : {
    "enforceRevocationCheck" : {
      "title" : "Enforce revocation check",
      "description" : "Whether to enforce checking of revocation entries from certificates. If you enable this, AM MUST be able to verify any attestation certificate's trust chain with a CRL or OCSP entry during processing. If you disable this, AM does not check presented certificates for revocation. NOTE: Certificates downloaded from the FIDO Metadata Service might not have a CRL/OCSP entry.",
      "propertyOrder" : 110,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "fidoMetadataServiceUris" : {
      "title" : "Metadata service URIs",
      "description" : "A list of locations to download the metadata v3 blob from. The blob signature will be verified against secrets stored in the <code>am.authentication.nodes.webauthn.fidometadataservice.rootcertificate</code> alias. The location can be on a local filesystem if you don't want AM to connect to the internet, but it is your responsibility to keep it up to date.",
      "propertyOrder" : 100,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    }
  }
}
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action WebAuthnMetadataService --realm Realm --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action WebAuthnMetadataService --realm Realm --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action WebAuthnMetadataService --realm Realm --actionName nextdescendents
update
Usage
am> update WebAuthnMetadataService --realm Realm --body body
Parameters
- --body
  The resource in JSON format, described by the following JSON schema:
{
  "type" : "object",
  "properties" : {
    "enforceRevocationCheck" : {
      "title" : "Enforce revocation check",
      "description" : "Whether to enforce checking of revocation entries from certificates. If you enable this, AM MUST be able to verify any attestation certificate's trust chain with a CRL or OCSP entry during processing. If you disable this, AM does not check presented certificates for revocation. NOTE: Certificates downloaded from the FIDO Metadata Service might not have a CRL/OCSP entry.",
      "propertyOrder" : 110,
      "required" : true,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "fidoMetadataServiceUris" : {
      "title" : "Metadata service URIs",
      "description" : "A list of locations to download the metadata v3 blob from. The blob signature will be verified against secrets stored in the <code>am.authentication.nodes.webauthn.fidometadataservice.rootcertificate</code> alias. The location can be on a local filesystem if you don't want AM to connect to the internet, but it is your responsibility to keep it up to date.",
      "propertyOrder" : 100,
      "required" : true,
      "items" : {
        "type" : "string"
      },
      "type" : "array",
      "exampleValue" : ""
    }
  }
}
Global Operations
Resource path:
/global-config/services/webAuthnMetadataService
Resource version: 1.0
getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
Usage
am> action WebAuthnMetadataService --global --actionName getAllTypes
getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
Usage
am> action WebAuthnMetadataService --global --actionName getCreatableTypes
nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
Usage
am> action WebAuthnMetadataService --global --actionName nextdescendents
update
Usage
am> update WebAuthnMetadataService --global --body body
Parameters
- --body
  The resource in JSON format, described by the following JSON schema:
{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "fidoMetadataServiceUris" : {
          "title" : "Metadata service URIs",
          "description" : "A list of locations to download the metadata v3 blob from. The blob signature will be verified against secrets stored in the <code>am.authentication.nodes.webauthn.fidometadataservice.rootcertificate</code> alias. The location can be on a local filesystem if you don't want AM to connect to the internet, but it is your responsibility to keep it up to date.",
          "propertyOrder" : 100,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "enforceRevocationCheck" : {
          "title" : "Enforce revocation check",
          "description" : "Whether to enforce checking of revocation entries from certificates. If you enable this, AM MUST be able to verify any attestation certificate's trust chain with a CRL or OCSP entry during processing. If you disable this, AM does not check presented certificates for revocation. NOTE: Certificates downloaded from the FIDO Metadata Service might not have a CRL/OCSP entry.",
          "propertyOrder" : 110,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}
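The realm and global schemas above hold the same two required properties, but the global one nests them under "defaults". The following pre-flight check is an added example, not part of the product documentation: it validates a settings object against those schemas and serialises it in the right shape. The function names, the sample host and path, and the URI scheme policy (https, file: or an absolute path) are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Property names and JSON types are taken from the schema on this page.
REQUIRED = {"enforceRevocationCheck": bool, "fidoMetadataServiceUris": list}
# Assumption (local policy, not stated by the page): remote blobs use https,
# local copies are file: URIs or absolute paths.
ALLOWED_SCHEMES = {"https", "file"}

# Constructed sample settings; the host name and path are placeholders.
SAMPLE = {
    "enforceRevocationCheck": False,
    "fidoMetadataServiceUris": [
        "https://mds.example.com/blob.jwt",
        "file:///opt/am/mds/blob.jwt",
    ],
}

def check_settings(settings):
    """Return a list of problems in a settings object (empty if none)."""
    problems = []
    for name, json_type in REQUIRED.items():
        if name not in settings:
            problems.append(f"missing required property: {name}")
        elif not isinstance(settings[name], json_type):
            problems.append(f"{name} must be a JSON {json_type.__name__}")
    for name in sorted(set(settings) - set(REQUIRED)):
        problems.append(f"property not in schema: {name}")
    uris = settings.get("fidoMetadataServiceUris")
    for uri in uris if isinstance(uris, list) else []:
        if not isinstance(uri, str):
            problems.append(f"URI entry is not a string: {uri!r}")
        elif not (uri.startswith("/") or urlparse(uri).scheme in ALLOWED_SCHEMES):
            problems.append(f"URI scheme not allowed by local policy: {uri}")
    return problems

def build_body(settings, scope):
    """Serialise settings in the shape of the realm or global schema."""
    if scope not in ("realm", "global"):
        raise ValueError(f"unknown scope: {scope}")
    problems = check_settings(settings)
    if problems:
        raise ValueError("; ".join(problems))
    # The global schema nests the same two properties under "defaults".
    body = {"defaults": settings} if scope == "global" else settings
    return json.dumps(body, sort_keys=True)

if __name__ == "__main__":
    print(build_body(SAMPLE, "realm"))
    print(build_body(SAMPLE, "global"))
```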