PingAM

UserSelfService

Realm Operations

Resource path:

/realm-config/services/selfService

Resource version: 0.0

create

Usage

am> create UserSelfService --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "generalConfig" : {
      "type" : "object",
      "title" : "General Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "captchaSiteKey" : {
          "title" : "Google reCAPTCHA Site Key",
          "description" : "Google reCAPTCHA plugin site key.",
          "propertyOrder" : 20,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "signingSecretKeyAlias" : {
          "title" : "Signing Secret Key Alias",
          "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 10,
          "required" : false,
          "type" : "string",
          "exampleValue" : "selfservicesigntest"
        },
        "kbaQuestions" : {
          "title" : "Security Questions",
          "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.",
          "propertyOrder" : 50,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "captchaSecretKey" : {
          "title" : "Google reCAPTCHA Secret Key",
          "description" : "Google reCAPTCHA plugin secret key.",
          "propertyOrder" : 30,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "captchaVerificationUrl" : {
          "title" : "Google Re-captcha Verification URL",
          "description" : "Google reCAPTCHA plugin verification URL.",
          "propertyOrder" : 40,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "validQueryAttributes" : {
          "title" : "Valid Query Attributes",
          "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.",
          "propertyOrder" : 80,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "useSecretStore" : {
          "title" : "Use Secret Store",
          "description" : "If enabled, self-service operations use the AM secret store to retrieve signing and encryption keys for snapshot tokens, and ignore the values set in the Signing Secret Key Alias and Encryption Key Pair Alias properties. Configure the following secret IDs in the secret store before enabling this option: <code>am.services.selfservice.token.encryption</code> and <code>am.services.selfservice.token.signing</code>. If disabled, self-service operations use the configured legacy key aliases.",
          "propertyOrder" : 0,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "minimumAnswersToVerify" : {
          "title" : "Minimum Answers to Verify",
          "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.",
          "propertyOrder" : 70,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "minimumAnswersToDefine" : {
          "title" : "Minimum Answers to Define",
          "description" : "Specifies the minimum number of KBA answers that users must define.",
          "propertyOrder" : 60,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "encryptionKeyPairAlias" : {
          "title" : "Encryption Key Pair Alias",
          "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 5,
          "required" : false,
          "type" : "string",
          "exampleValue" : "selfserviceenctest"
        }
      }
    },
    "userRegistration" : {
      "type" : "object",
      "title" : "User Registration",
      "propertyOrder" : 1,
      "properties" : {
        "userRegistrationEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who self-register must perform email address verification.",
          "propertyOrder" : 110,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.",
          "propertyOrder" : 150,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationEmailVerificationFirstEnabled" : {
          "title" : "Verify Email before User Detail",
          "description" : "If enabled, email address verification will be performed first before user details screen is displayed. This will take effect only if Verify Email is enabled.",
          "propertyOrder" : 105,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.",
          "propertyOrder" : 130,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userRegistrationKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must set up their security questions during the self-registration process.",
          "propertyOrder" : 120,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegisteredDestination" : {
          "title" : "Destination After Successful Self-Registration",
          "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>",
          "propertyOrder" : 161,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationEnabled" : {
          "title" : "User Registration",
          "description" : "If enabled, new users can sign up for an account.",
          "propertyOrder" : 90,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationValidUserAttributes" : {
          "title" : "Valid Creation Attributes",
          "description" : "Specifies a whitelist of user attributes that can be set during user creation.",
          "propertyOrder" : 160,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 140,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.",
          "propertyOrder" : 100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "advancedConfig" : {
      "type" : "object",
      "title" : "Advanced Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "forgottenPasswordConfirmationUrl" : {
          "title" : "Forgotten Password Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 340,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenPasswordServiceConfigClass" : {
          "title" : "Forgotten Password Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 360,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationServiceConfigClass" : {
          "title" : "User Registration Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 350,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenUsernameServiceConfigClass" : {
          "title" : "Forgotten Username Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 370,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationConfirmationUrl" : {
          "title" : "User Registration Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 330,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "forgottenPassword" : {
      "type" : "object",
      "title" : "Forgotten Password",
      "propertyOrder" : 2,
      "properties" : {
        "forgottenPasswordEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who reset passwords must perform email address verification.",
          "propertyOrder" : 190,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEnabled" : {
          "title" : "Forgotten Password",
          "description" : "If enabled, users can reset their forgotten password.",
          "propertyOrder" : 170,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.",
          "propertyOrder" : 210,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenPasswordCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.",
          "propertyOrder" : 180,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 230,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 220,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenPasswordKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten password process.",
          "propertyOrder" : 200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "numberOfAllowedAttempts" : {
          "title" : "Lock Out After number of attempts",
          "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. After the number of configured attempts the user has not correctly answered them the password reset feature will be disabled.",
          "propertyOrder" : 202,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenPaddingLength" : {
          "title" : "Token Padding Length (bytes)",
          "description" : "Desired length of the 'state' parameter in the JWT after padding. This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.",
          "propertyOrder" : 215,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "numberOfAttemptsEnforced" : {
          "title" : "Enforce password reset lockout",
          "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.",
          "propertyOrder" : 201,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "forgottenUsername" : {
      "type" : "object",
      "title" : "Forgotten Username",
      "propertyOrder" : 3,
      "properties" : {
        "forgottenUsernameShowUsernameEnabled" : {
          "title" : "Show Username",
          "description" : "If enabled, users see their forgotten username on the browser page.",
          "propertyOrder" : 280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailUsernameEnabled" : {
          "title" : "Email Username",
          "description" : "If enabled, users receive their forgotten username by email.",
          "propertyOrder" : 270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customizes the forgotten username email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 310,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.",
          "propertyOrder" : 250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEnabled" : {
          "title" : "Forgotten Username",
          "description" : "If enabled, users can retrieve their forgotten username.",
          "propertyOrder" : 240,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameTokenTTL" : {
          "title" : "Token LifeTime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.",
          "propertyOrder" : 290,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenUsernameKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten username process.",
          "propertyOrder" : 260,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "profileManagement" : {
      "type" : "object",
      "title" : "Profile Management",
      "propertyOrder" : 4,
      "properties" : {
        "profileAttributeWhitelist" : {
          "title" : "Self readable attributes",
          "description" : "Specifies the list of attributes that users can view when accessing their user profile.",
          "propertyOrder" : 325,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "profileProtectedUserAttributes" : {
          "title" : "Protected Update Attributes",
          "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.",
          "propertyOrder" : 320,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete UserSelfService --realm Realm

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action UserSelfService --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action UserSelfService --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action UserSelfService --realm Realm --actionName nextdescendents

read

Usage

am> read UserSelfService --realm Realm

update

Usage

am> update UserSelfService --realm Realm --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "generalConfig" : {
      "type" : "object",
      "title" : "General Configuration",
      "propertyOrder" : 0,
      "properties" : {
        "captchaSiteKey" : {
          "title" : "Google reCAPTCHA Site Key",
          "description" : "Google reCAPTCHA plugin site key.",
          "propertyOrder" : 20,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "signingSecretKeyAlias" : {
          "title" : "Signing Secret Key Alias",
          "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 10,
          "required" : false,
          "type" : "string",
          "exampleValue" : "selfservicesigntest"
        },
        "kbaQuestions" : {
          "title" : "Security Questions",
          "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.",
          "propertyOrder" : 50,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "captchaSecretKey" : {
          "title" : "Google reCAPTCHA Secret Key",
          "description" : "Google reCAPTCHA plugin secret key.",
          "propertyOrder" : 30,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "captchaVerificationUrl" : {
          "title" : "Google Re-captcha Verification URL",
          "description" : "Google reCAPTCHA plugin verification URL.",
          "propertyOrder" : 40,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "validQueryAttributes" : {
          "title" : "Valid Query Attributes",
          "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.",
          "propertyOrder" : 80,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "useSecretStore" : {
          "title" : "Use Secret Store",
          "description" : "If enabled, self-service operations use the AM secret store to retrieve signing and encryption keys for snapshot tokens, and ignore the values set in the Signing Secret Key Alias and Encryption Key Pair Alias properties. Configure the following secret IDs in the secret store before enabling this option: <code>am.services.selfservice.token.encryption</code> and <code>am.services.selfservice.token.signing</code>. If disabled, self-service operations use the configured legacy key aliases.",
          "propertyOrder" : 0,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "minimumAnswersToVerify" : {
          "title" : "Minimum Answers to Verify",
          "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.",
          "propertyOrder" : 70,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "minimumAnswersToDefine" : {
          "title" : "Minimum Answers to Define",
          "description" : "Specifies the minimum number of KBA answers that users must define.",
          "propertyOrder" : 60,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "encryptionKeyPairAlias" : {
          "title" : "Encryption Key Pair Alias",
          "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.",
          "propertyOrder" : 5,
          "required" : false,
          "type" : "string",
          "exampleValue" : "selfserviceenctest"
        }
      }
    },
    "userRegistration" : {
      "type" : "object",
      "title" : "User Registration",
      "propertyOrder" : 1,
      "properties" : {
        "userRegistrationEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who self-register must perform email address verification.",
          "propertyOrder" : 110,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.",
          "propertyOrder" : 150,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationEmailVerificationFirstEnabled" : {
          "title" : "Verify Email before User Detail",
          "description" : "If enabled, email address verification will be performed first before user details screen is displayed. This will take effect only if Verify Email is enabled.",
          "propertyOrder" : 105,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.",
          "propertyOrder" : 130,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "userRegistrationKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must set up their security questions during the self-registration process.",
          "propertyOrder" : 120,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegisteredDestination" : {
          "title" : "Destination After Successful Self-Registration",
          "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>",
          "propertyOrder" : 161,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationEnabled" : {
          "title" : "User Registration",
          "description" : "If enabled, new users can sign up for an account.",
          "propertyOrder" : 90,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "userRegistrationValidUserAttributes" : {
          "title" : "Valid Creation Attributes",
          "description" : "Specifies a whitelist of user attributes that can be set during user creation.",
          "propertyOrder" : 160,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 140,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "userRegistrationCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.",
          "propertyOrder" : 100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "advancedConfig" : {
      "type" : "object",
      "title" : "Advanced Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "forgottenPasswordConfirmationUrl" : {
          "title" : "Forgotten Password Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 340,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenPasswordServiceConfigClass" : {
          "title" : "Forgotten Password Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 360,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationServiceConfigClass" : {
          "title" : "User Registration Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 350,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "forgottenUsernameServiceConfigClass" : {
          "title" : "Forgotten Username Service Config Provider Class",
          "description" : "Specifies the provider class to configure any custom plugins.",
          "propertyOrder" : 370,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "userRegistrationConfirmationUrl" : {
          "title" : "User Registration Confirmation Email URL",
          "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.",
          "propertyOrder" : 330,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "forgottenPassword" : {
      "type" : "object",
      "title" : "Forgotten Password",
      "propertyOrder" : 2,
      "properties" : {
        "forgottenPasswordEmailVerificationEnabled" : {
          "title" : "Email Verification",
          "description" : "If enabled, users who reset passwords must perform email address verification.",
          "propertyOrder" : 190,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEnabled" : {
          "title" : "Forgotten Password",
          "description" : "If enabled, users can reset their forgotten password.",
          "propertyOrder" : 170,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenTTL" : {
          "title" : "Token Lifetime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.",
          "propertyOrder" : 210,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenPasswordCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.",
          "propertyOrder" : 180,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 230,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenPasswordEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 220,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenPasswordKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten password process.",
          "propertyOrder" : 200,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "numberOfAllowedAttempts" : {
          "title" : "Lock Out After number of attempts",
          "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. After the number of configured attempts the user has not correctly answered them the password reset feature will be disabled.",
          "propertyOrder" : 202,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenPasswordTokenPaddingLength" : {
          "title" : "Token Padding Length (bytes)",
          "description" : "Desired length of the 'state' parameter in the JWT after padding. This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.",
          "propertyOrder" : 215,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "numberOfAttemptsEnforced" : {
          "title" : "Enforce password reset lockout",
          "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.",
          "propertyOrder" : 201,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "forgottenUsername" : {
      "type" : "object",
      "title" : "Forgotten Username",
      "propertyOrder" : 3,
      "properties" : {
        "forgottenUsernameShowUsernameEnabled" : {
          "title" : "Show Username",
          "description" : "If enabled, users see their forgotten username on the browser page.",
          "propertyOrder" : 280,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailUsernameEnabled" : {
          "title" : "Email Username",
          "description" : "If enabled, users receive their forgotten username by email.",
          "propertyOrder" : 270,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailBody" : {
          "title" : "Outgoing Email Body",
          "description" : "Customizes the forgotten username email body text. Format is <code>locale|body text</code>.",
          "propertyOrder" : 310,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameEmailSubject" : {
          "title" : "Outgoing Email Subject",
          "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.",
          "propertyOrder" : 300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "forgottenUsernameCaptchaEnabled" : {
          "title" : "Captcha",
          "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.",
          "propertyOrder" : 250,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameEnabled" : {
          "title" : "Forgotten Username",
          "description" : "If enabled, users can retrieve their forgotten username.",
          "propertyOrder" : 240,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "forgottenUsernameTokenTTL" : {
          "title" : "Token LifeTime (seconds)",
          "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.",
          "propertyOrder" : 290,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "forgottenUsernameKbaEnabled" : {
          "title" : "Security Questions",
          "description" : "If enabled, users must answer their security questions during the forgotten username process.",
          "propertyOrder" : 260,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        }
      }
    },
    "profileManagement" : {
      "type" : "object",
      "title" : "Profile Management",
      "propertyOrder" : 4,
      "properties" : {
        "profileAttributeWhitelist" : {
          "title" : "Self readable attributes",
          "description" : "Specifies the list of attributes that users can view when accessing their user profile.",
          "propertyOrder" : 325,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "profileProtectedUserAttributes" : {
          "title" : "Protected Update Attributes",
          "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.",
          "propertyOrder" : 320,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    }
  }
}

Global Operations

Resource path:

/global-config/services/selfService

Resource version: 1.0

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action UserSelfService --global --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action UserSelfService --global --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action UserSelfService --global --actionName nextdescendents

read

Usage

am> read UserSelfService --global

update

Usage

am> update UserSelfService --global --body body

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "defaults" : {
      "properties" : {
        "forgottenUsername" : {
          "type" : "object",
          "title" : "Forgotten Username",
          "propertyOrder" : 3,
          "properties" : {
            "forgottenUsernameKbaEnabled" : {
              "title" : "Security Questions",
              "description" : "If enabled, users must answer their security questions during the forgotten username process.",
              "propertyOrder" : 260,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameEnabled" : {
              "title" : "Forgotten Username",
              "description" : "If enabled, users can retrieve their forgotten username.",
              "propertyOrder" : 240,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameShowUsernameEnabled" : {
              "title" : "Show Username",
              "description" : "If enabled, users see their forgotten username on the browser page.",
              "propertyOrder" : 280,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameCaptchaEnabled" : {
              "title" : "Captcha",
              "description" : "If enabled, users must pass a Google reCAPTCHA challenge during the forgotten username retrieval process to mitigate against software bots.",
              "propertyOrder" : 250,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenUsernameTokenTTL" : {
              "title" : "Token LifeTime (seconds)",
              "description" : "Maximum lifetime for the token allowing forgotten username, in seconds.",
              "propertyOrder" : 290,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "forgottenUsernameEmailSubject" : {
              "title" : "Outgoing Email Subject",
              "description" : "Customizes the forgotten username email subject text. Format is <code>locale|subject text</code>.",
              "propertyOrder" : 300,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "forgottenUsernameEmailBody" : {
              "title" : "Outgoing Email Body",
              "description" : "Customizes the forgotten username email body text. Format is <code>locale|body text</code>.",
              "propertyOrder" : 310,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "forgottenUsernameEmailUsernameEnabled" : {
              "title" : "Email Username",
              "description" : "If enabled, users receive their forgotten username by email.",
              "propertyOrder" : 270,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "generalConfig" : {
          "type" : "object",
          "title" : "General Configuration",
          "propertyOrder" : 0,
          "properties" : {
            "captchaSecretKey" : {
              "title" : "Google reCAPTCHA Secret Key",
              "description" : "Google reCAPTCHA plugin secret key.",
              "propertyOrder" : 30,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "captchaSiteKey" : {
              "title" : "Google reCAPTCHA Site Key",
              "description" : "Google reCAPTCHA plugin site key.",
              "propertyOrder" : 20,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "encryptionKeyPairAlias" : {
              "title" : "Encryption Key Pair Alias",
              "description" : "An encryption key alias in the OpenAM server's JCEKS keystore. Used to encrypt the JWT token that OpenAM uses to track end users during User Self-Service operations.",
              "propertyOrder" : 5,
              "required" : false,
              "type" : "string",
              "exampleValue" : "selfserviceenctest"
            },
            "validQueryAttributes" : {
              "title" : "Valid Query Attributes",
              "description" : "Specifies the valid query attributes used to search for the user. This is a list of attributes used to identify your account for forgotten password and forgotten username.",
              "propertyOrder" : 80,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "signingSecretKeyAlias" : {
              "title" : "Signing Secret Key Alias",
              "description" : "A signing secret key alias in the OpenAM server's JCEKS keystore. Used to sign the JWT token that OpenAM uses to track end users during User Self-Service operations.",
              "propertyOrder" : 10,
              "required" : false,
              "type" : "string",
              "exampleValue" : "selfservicesigntest"
            },
            "minimumAnswersToVerify" : {
              "title" : "Minimum Answers to Verify",
              "description" : "Specifies the minimum number of KBA questions that users need to answer to be granted the privilege to carry out an action, such as registering for an account, resetting a password, or retrieving a username. Specify a value from <code>0</code> to <code>50</code>.",
              "propertyOrder" : 70,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "minimumAnswersToDefine" : {
              "title" : "Minimum Answers to Define",
              "description" : "Specifies the minimum number of KBA answers that users must define.",
              "propertyOrder" : 60,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "useSecretStore" : {
              "title" : "Use Secret Store",
              "description" : "If enabled, self-service operations use the AM secret store to retrieve signing and encryption keys for snapshot tokens, and ignore the values set in the Signing Secret Key Alias and Encryption Key Pair Alias properties. Configure the following secret IDs in the secret store before enabling this option: <code>am.services.selfservice.token.encryption</code> and <code>am.services.selfservice.token.signing</code>. If disabled, self-service operations use the configured legacy key aliases.",
              "propertyOrder" : 0,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "captchaVerificationUrl" : {
              "title" : "Google Re-captcha Verification URL",
              "description" : "Google reCAPTCHA plugin verification URL.",
              "propertyOrder" : 40,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "kbaQuestions" : {
              "title" : "Security Questions",
              "description" : "Specifies the default set of knowledge-based authentication (KBA) security questions. The security questions can be set for the User Self-Registration, forgotten password reset, and forgotten username services, respectively.<p><p>Format is <code>unique key|locale|question</code>.",
              "propertyOrder" : 50,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            }
          }
        },
        "advancedConfig" : {
          "type" : "object",
          "title" : "Advanced Configuration",
          "propertyOrder" : 5,
          "properties" : {
            "forgottenPasswordServiceConfigClass" : {
              "title" : "Forgotten Password Service Config Provider Class",
              "description" : "Specifies the provider class to configure any custom plugins.",
              "propertyOrder" : 360,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "forgottenPasswordConfirmationUrl" : {
              "title" : "Forgotten Password Confirmation Email URL",
              "description" : "Specifies the confirmation URL that the user receives after confirming their identity during the forgotten password process. The <code>${realm}</code> string is replaced with the current realm.",
              "propertyOrder" : 340,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "forgottenUsernameServiceConfigClass" : {
              "title" : "Forgotten Username Service Config Provider Class",
              "description" : "Specifies the provider class to configure any custom plugins.",
              "propertyOrder" : 370,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "userRegistrationServiceConfigClass" : {
              "title" : "User Registration Service Config Provider Class",
              "description" : "Specifies the provider class to configure any custom plugins.",
              "propertyOrder" : 350,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            },
            "userRegistrationConfirmationUrl" : {
              "title" : "User Registration Confirmation Email URL",
              "description" : "Specifies the confirmation URL that the user receives during the self-registration process. The <code>${realm}</code> string is replaced with the current realm.",
              "propertyOrder" : 330,
              "required" : false,
              "type" : "string",
              "exampleValue" : ""
            }
          }
        },
        "userRegistration" : {
          "type" : "object",
          "title" : "User Registration",
          "propertyOrder" : 1,
          "properties" : {
            "userRegistrationTokenTTL" : {
              "title" : "Token Lifetime (seconds)",
              "description" : "Maximum lifetime of the token allowing User Self-Registration, in seconds.",
              "propertyOrder" : 130,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "userRegistrationEmailBody" : {
              "title" : "Outgoing Email Body",
              "description" : "Customize the User Self-Registration verification email body text. Format is: <code>locale|body text</code>.",
              "propertyOrder" : 150,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "userRegistrationEmailVerificationFirstEnabled" : {
              "title" : "Verify Email before User Detail",
              "description" : "If enabled, email address verification will be performed first before user details screen is displayed. This will take effect only if Verify Email is enabled.",
              "propertyOrder" : 105,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegistrationCaptchaEnabled" : {
              "title" : "Captcha",
              "description" : "If enabled, users must pass a Google reCAPTCHA challenge during user self-registration to mitigate against software bots.",
              "propertyOrder" : 100,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegistrationValidUserAttributes" : {
              "title" : "Valid Creation Attributes",
              "description" : "Specifies a whitelist of user attributes that can be set during user creation.",
              "propertyOrder" : 160,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "userRegistrationEnabled" : {
              "title" : "User Registration",
              "description" : "If enabled, new users can sign up for an account.",
              "propertyOrder" : 90,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegistrationKbaEnabled" : {
              "title" : "Security Questions",
              "description" : "If enabled, users must set up their security questions during the self-registration process.",
              "propertyOrder" : 120,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "userRegisteredDestination" : {
              "title" : "Destination After Successful Self-Registration",
              "description" : "Specifies the action to be taken after a user successfully registers a new account. Choose from:<ul><li><code>default</code>. User is sent to a success page without being logged in.</li><li><code>login</code>. User is sent to the login page to authenticate.</li><li><code>autologin</code>. User is automatically logged in and sent to the appropriate page.</li></ul>",
              "propertyOrder" : 161,
              "required" : true,
              "type" : "string",
              "exampleValue" : ""
            },
            "userRegistrationEmailSubject" : {
              "title" : "Outgoing Email Subject",
              "description" : "Customize the User Self-Registration verification email subject text. Format is <code>locale|subject text</code>.",
              "propertyOrder" : 140,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "userRegistrationEmailVerificationEnabled" : {
              "title" : "Email Verification",
              "description" : "If enabled, users who self-register must perform email address verification.",
              "propertyOrder" : 110,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "forgottenPassword" : {
          "type" : "object",
          "title" : "Forgotten Password",
          "propertyOrder" : 2,
          "properties" : {
            "forgottenPasswordEmailSubject" : {
              "title" : "Outgoing Email Subject",
              "description" : "Customize the forgotten password email subject text. Format is <code>locale|subject text</code>.",
              "propertyOrder" : 220,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "forgottenPasswordTokenTTL" : {
              "title" : "Token Lifetime (seconds)",
              "description" : "Maximum lifetime for the token allowing forgotten password reset, in seconds.<p><p>Specify a value from <code>0</code> to <code>2147483647</code>.",
              "propertyOrder" : 210,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "numberOfAllowedAttempts" : {
              "title" : "Lock Out After number of attempts",
              "description" : "Can be set to 1 or more attempts for a user to correctly answer all their security questions. After the number of configured attempts the user has not correctly answered them the password reset feature will be disabled.",
              "propertyOrder" : 202,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "forgottenPasswordEnabled" : {
              "title" : "Forgotten Password",
              "description" : "If enabled, users can reset their forgotten password.",
              "propertyOrder" : 170,
              "required" : true,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenPasswordEmailBody" : {
              "title" : "Outgoing Email Body",
              "description" : "Customize the forgotten password email body text. Format is <code>locale|body text</code>.",
              "propertyOrder" : 230,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "forgottenPasswordKbaEnabled" : {
              "title" : "Security Questions",
              "description" : "If enabled, users must answer their security questions during the forgotten password process.",
              "propertyOrder" : 200,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenPasswordTokenPaddingLength" : {
              "title" : "Token Padding Length (bytes)",
              "description" : "Desired length of the 'state' parameter in the JWT after padding. This should be greater than the highest possible sum of lengths for a username + userId + email to avoid the possibility of account enumeration based on the JWT length.",
              "propertyOrder" : 215,
              "required" : false,
              "type" : "integer",
              "exampleValue" : ""
            },
            "forgottenPasswordEmailVerificationEnabled" : {
              "title" : "Email Verification",
              "description" : "If enabled, users who reset passwords must perform email address verification.",
              "propertyOrder" : 190,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "numberOfAttemptsEnforced" : {
              "title" : "Enforce password reset lockout",
              "description" : "If enabled, users will be prevented from resetting their password after the configured number of failed attempts.",
              "propertyOrder" : 201,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            },
            "forgottenPasswordCaptchaEnabled" : {
              "title" : "Captcha",
              "description" : "If enabled, users must pass a Google reCAPTCHA challenge during password reset to mitigate against software bots.",
              "propertyOrder" : 180,
              "required" : false,
              "type" : "boolean",
              "exampleValue" : ""
            }
          }
        },
        "profileManagement" : {
          "type" : "object",
          "title" : "Profile Management",
          "propertyOrder" : 4,
          "properties" : {
            "profileProtectedUserAttributes" : {
              "title" : "Protected Update Attributes",
              "description" : "Specifies a profile's protected user attributes, which causes re-authentication when the user attempts to modify these attributes.",
              "propertyOrder" : 320,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            },
            "profileAttributeWhitelist" : {
              "title" : "Self readable attributes",
              "description" : "Specifies the list of attributes that users can view when accessing their user profile.",
              "propertyOrder" : 325,
              "required" : false,
              "items" : {
                "type" : "string"
              },
              "type" : "array",
              "exampleValue" : ""
            }
          }
        }
      },
      "type" : "object",
      "title" : "Realm Defaults"
    }
  }
}