{
  "name": "04-replay",
  "condition": "${find(request.uri.path, '^/replay')}",
  "properties": {
    "amInstanceUrl": "http://am.example.com:8088/openam/"
  },
  "heap": [
    {
      "name": "SystemAndEnvSecretStore-1",
      "type": "SystemAndEnvSecretStore"
    },
    {
      "name": "AmService-1",
      "type": "AmService",
      "config": {
        "agent": {
          "username": "ig_agent",
          "passwordSecretId": "agent.secret.id"
        },
        "secretsProvider": "SystemAndEnvSecretStore-1",
        "url": "&{amInstanceUrl}"
      }
    },
    {
      "name": "PemPropertyFormat-1",
      "type": "PemPropertyFormat"
    },
    {
      "name": "FileSystemSecretStore-1",
      "type": "FileSystemSecretStore",
      "config": {
        "format": "PLAIN",
        "directory": "&{ig.instance.dir}/../secrets/",
        "mappings": [
          {
            "secretId": "am.authentication.nodes.jwt.replay.pinggateway.encryption",
            "format": "PemPropertyFormat-1"
          }
        ]
      }
    },
    {
      "name": "CapturedUserPasswordFilter-1",
      "type": "CapturedUserPasswordFilter",
      "config": {
        "ssoToken": "${contexts.ssoToken.value}",
        "keySecretId": "am.authentication.nodes.jwt.replay.pinggateway.encryption",
        "secretsProvider": "FileSystemSecretStore-1",
        "amService": "AmService-1"
      }
    },
    {
      "name": "CrossDomainSingleSignOnFilter-1",
      "type": "CrossDomainSingleSignOnFilter",
      "config": {
        "redirectEndpoint": "/replay/redirect",
        "authCookie": {
          "path": "/replay",
          "name": "ig-token-cookie"
        },
        "amService": "AmService-1",
        "authenticationService": "Password replay"
      }
    },
    {
      "name": "UserProfileFilter-1",
      "type": "UserProfileFilter",
      "config": {
        "username": "${contexts.ssoToken.info.uid}",
        "userProfileService": {
          "type": "UserProfileService",
          "config": {
            "amService": "AmService-1",
            "profileAttributes": [
              "username"
            ]
          }
        }
      }
    },
    {
      "name": "PasswordReplayFilter-1",
      "type": "PasswordReplayFilter",
      "config": {
        "loginPage": "${true}",
        "credentials": "CapturedUserPasswordFilter-1",
        "request": {
          "method": "POST",
          "uri": "https://app.example.com:8444/login",
          "form": {
            "username": [
              "${contexts.userProfile.username}"
            ],
            "password": [
              "${contexts.capturedPassword.value}"
            ]
          }
        }
      },
      "capture": [
        "all"
      ]
    }
  ],
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        "CrossDomainSingleSignOnFilter-1",
        "UserProfileFilter-1",
        "PasswordReplayFilter-1"
      ],
      "handler": "ReverseProxyHandler"
    }
  }
}